Now if we consider a BGPSEC island of 100,000 participating prefixes (multiple ISPs form a BGPSEC island and there is BGPSEC between them and also in each ISP's entire customer cone): With 24 hour beaconing interval, we would have: Prefix Updates per Day = 100,000 (seen at each BGPSEC router)
It's one additional update per table entry per day, assuming a 24-hour beacon. If the table is 300,000 routes, it's 300,000 additional updates a day -- on top of normal churn.
The 24-hour "beacon rate" is a bad assumption anyway -- once operators catch on to this being the actual amount of time you're willing to allow others to hijack your routes, the rate will shorten up considerably. There's no "downward limit" on the time, and there's no real economic incentive for the originator to choose longer times.
At some point you're going to be forced to put in timers per AS Path hop -- since the signature in the packet represents the policy and connectivity between every pairwise set in the AS Path, every pairwise set also needs a timer.
Added together, we are talking at least a doubling of the rate at which updates are received (and probably more like a tripling or quadrupling over time), at least a quadrupling of the total traffic in terms of bits/second (assuming the lowest possible update rates) -- and all of this counts the cost of actually handling the crypto inbound and outbound as zero.
Russ
