WG Chair Hat OFF
On 02/12/2008, at 11:05 AM, Pradosh Mohapatra (pmohapat) wrote:
Hi Geoff,
| >> 1. I have been allocated 203.10.61.0/24. I do not use it today in any
| >> public routing context. It should not appear in BGP at all. I do not
| >> give my authorization to any AS to originate a route for this prefix,
| >> or any more specific of this prefix. If I generate a BOA for
| >> 203.10.61.0/24 then my intention of saying that any use of this
| >> prefix in the public Internet is unauthorized is clear.
| >
| > If you do not give your authorization then do not issue a ROA.
| > With the incremental deployment argument, I'm not sure who would be
| > looking at BOAs if they're not looking at ROAs.
|
| I'm sorry, but I cannot see any logic in that response. If I
| do not give my authorization and I would like to inform
| everyone else that any use of this address, or this AS is an
| instance of a hijack then your response seems to be saying to
| me that I should not do anything.
| If that is what you are saying then it seems to be a totally
| ineffectual course of action in my opinion.
What if: when "I have been allocated 203.10.61.0/24", I issue an
ROA for the same with my origin AS? Doesn't that automatically
mean that all the advertisements of the prefix from another origin
AS are automatically invalid?
No. Some folk believe that this should be the case, others believe
that this should not be the case. Those who believe that this should
not be the case are proposing the BOA as a form of explicitly stating
what is invalid without having to state what is valid.
By the way, given that you have published a ROA authorizing your
origin AS to advertise the prefix, I suspect that this has created
some further vulnerabilities that a BOA would not create. What happens
if I use this ROA you've created to hijack with your prefix by
prepending your origin AS to my AS? Can a third party detect that this
is a hijack of your prefix from the origination information and the
ROA? I do not think so.
And since I will not be generating
any updates for this prefix, it will not appear in BGP at all!
Doesn't that solve the problem you cited?
No - see above.
Are you concerned that
some other AS would also issue an ROA for the same or a more
specific block of the prefix? That can't be!
| >> 2. I have been allocated AS 131074 as an AS number. I do not use it
| >> today in any public routing context. It should not appear in BGP at
| >> all either as an origination AS nor as a transit AS in any AS path.
| >> If I generate a BOA for AS131074 then my intention of saying that any
| >> use of this AS number in the public Internet is unauthorized is
| >> clear.
| >
| > But the draft currently does not mitigate "nor as a transit AS",
| > unless I'm missing something. Specifically:
| >
| > S.5 graf 2:
| >
| > "If a route object has an AS origination that refers to an AS number
| > that is listed in a valid BOA, then the route object can be regarded
| > as a Bogon object, and local policies that apply to Bogon AS's can be
| > applied to the object. This holds whether or not the address prefix of
| > the route object is described by a valid ROA or not."
| >
| > I see nothing about "or as a transit AS" in there.
|
| My apologies - we are not allowed to talk about transit yet
| as it's not an agreed requirement coming out of RPSEC. So if
| I remove "nor as a transit AS" and sundry words then I trust
| that the point I was making is amply clear.
How important is the case of "AS protection" as opposed to
"prefix" protection? Doesn't this automatically become a
by-product of ROA level checks?
No, it does not. There are many instances of use of AS numbers that
are not recorded in any allocation database. See the attached list for
today's set of bogon ASs.
| >> 3. I have been allocated 203.10.60.0/22. I wish to ensure that any
| >> more specific advertisement of this prefix is unauthorized. If I
| >> generate a BOA for 203.10.60.0/23 AND 203.10.62.0/23 then my
| >> intention is clear.
| >
| > I still don't buy it. As an operator, you tell me who is authorized
| > to originate and that's the only origin AS I accept. That's easier to
| > configure in a router, requires less objects in the RPKI, and makes
| > life much simpler.
|
| No security at all makes life enormously simpler. At some point it is
| necessary to understand what makes a robust security environment even
| in a world of partial use and piecemeal adoptions and then work
| through the issues related to operational deployment. But you appear
| to have some other approach in mind.
As others have suggested, when "I have been allocated 203.10.60.0/22",
I issue an ROA for 203.10.60.0/22-22. That automatically means that
there can't be any other advertisements for this prefix or its more
specifics (unless I suballocate a more specific block and a new ROA
gets added to the repository for that). Is there any case that's not
handled by doing this?
That's your _assumption_ of the semantics of a ROA. What reference
material or working group draft can you cite for semantic
interpretation of a ROA? draft-ietf-sidr-roa-validation? I don't think
so. The point of the BOA draft is that it challenges this assumption
by taking the position that such route origination authorities are
explicitly scoped to the authority described in the object, without
the implicit inclusion of any other authority or denial.
As referred to earlier, here's the list of today's bogon AS numbers,
just in case you thought that this is a non-problem:
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
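
The two readings of a ROA argued over in this message, modelled as a small route classifier. This is an added example, not part of the original message or of any sidr draft: the function and class names, the origin ASNs 64496 and 64511 (documentation ASNs) and the 198.51.100.0/24 test prefix are constructed, and the model is a simplification, not the RPKI validation procedure.

```python
from dataclasses import dataclass
from ipaddress import ip_network

HOLDER_AS, OTHER_AS = 64496, 64511  # constructed documentation ASNs


@dataclass(frozen=True)
class ROA:
    prefix: str
    max_length: int
    asn: int


@dataclass(frozen=True)
class BOA:
    prefixes: tuple = ()
    asns: tuple = ()


def within(net, outer):
    """True if net equals or is a more specific of outer (same address family)."""
    outer = ip_network(outer)
    return net.version == outer.version and net.subnet_of(outer)


def classify(prefix, as_path, roas, boas, implicit_deny):
    """Classify one announcement from its prefix and origin AS only.

    implicit_deny=True  : a ROA also denies every other origin/more specific.
    implicit_deny=False : a ROA says only what it says; denial needs a BOA.
    """
    net, origin = ip_network(prefix), as_path[-1]
    # A BOA match wins whether or not a ROA describes the prefix (S.5 graf 2).
    for boa in boas:
        if origin in boa.asns or any(within(net, p) for p in boa.prefixes):
            return "bogon"
    covered = False
    for roa in roas:
        if within(net, roa.prefix):
            covered = True
            if roa.asn == origin and net.prefixlen <= roa.max_length:
                return "valid"
    return "invalid" if covered and implicit_deny else "unknown"


def scenarios():
    roa = [ROA("203.10.60.0/22", 22, HOLDER_AS)]
    split = [BOA(prefixes=("203.10.60.0/23", "203.10.62.0/23"))]
    unused = [BOA(prefixes=("203.10.61.0/24",))]
    bogon_as = [BOA(asns=(131074,))]
    return {
        # Case 3: a more specific from another origin, under each reading.
        "more_specific_implicit": classify("203.10.60.0/23", [OTHER_AS], roa, [], True),
        "more_specific_explicit": classify("203.10.60.0/23", [OTHER_AS], roa, [], False),
        "more_specific_boa": classify("203.10.60.0/23", [OTHER_AS], roa, split, False),
        # The prepended-origin path: origin data alone cannot tell it apart.
        "forged_origin": classify("203.10.60.0/22", [OTHER_AS, HOLDER_AS], roa, split, True),
        # Case 1: unused prefix, no ROA issued at all.
        "unused_prefix": classify("203.10.61.0/24", [OTHER_AS], [], unused, False),
        # Case 2: AS131074 as origin, and as a transit hop (not covered).
        "bogon_origin_as": classify("198.51.100.0/24", [OTHER_AS, 131074], [], bogon_as, False),
        "bogon_transit_as": classify("198.51.100.0/24",
                                     [OTHER_AS, 131074, HOLDER_AS], [], bogon_as, False),
    }
```

The `forged_origin` and `bogon_transit_as` results show the two limits raised in the message: neither object type says anything about the rest of the AS path.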