On Mar 21, 2012, at 5:42 PM, Shane Amante wrote:

> 
> On Mar 21, 2012, at 3:37 PM, Christopher Morrow wrote:
>> On Wed, Mar 21, 2012 at 5:26 PM, Shane Amante <[email protected]> wrote:
>>> 
>>> On Mar 21, 2012, at 3:21 PM, Christopher Morrow wrote:
>>>> On Wed, Mar 21, 2012 at 5:13 PM, Shane Amante <[email protected]> wrote:
>>>>> 
>>>>> On Mar 21, 2012, at 3:00 PM, Christopher Morrow wrote:
>>>>>> On Wed, Mar 21, 2012 at 3:40 PM, Eric Osterweil <[email protected]> wrote:
>>>>>>> My input is that the current work does not address the real route 
>>>>>>> leak threat, and it is therefore insufficient.
>>>>>> 
>>>>>> and many, many times ... 'how would you do this, really, show me the
>>>>>> math' has been asked.
>>>>> 
>>>>> Answer: Evaluate policy.
>>>> 
>>>> 'apply prefix lists' you mean?
>>> 
>>> No.  Evaluate _policy_.  Policy is about whether an ASN /intended/ to 
>>> announce a path to another ASN _or_ not.  More succinctly: one needs input 
>>> to verify output, (since you said "show me the math").
>>> 
>> 
>> smarty... :)
>> 
>> someone reminded me that I shouldn't be quite so flip 'show me the
>> math' is really, 'how can I tell from 2 as-hops away that:
>> 
>> 1 -> 2 -> 3 -> me
>> 
>> is a leak?'
>> 
>> Randy posted on nanog (to you/shane, I think) a message with content like:
>> "to do this rigorously, i
>> would need to form the transitive closure of the business policies of
>> every inter-provider link on the internet."
>> 
>> in this: <http://mailman.nanog.org/pipermail/nanog/2012-February/045941.html>
>> message. This is what you mean as well, yes?
> 
> Yes.  And, to answer Randy's question in that message ... I'm not asserting 
> that this is a _simple_ problem to be solved, but we should not ignore the 
> problem b/c it's "hard" ... otherwise, we wouldn't have the Internet, as it 
> exists today, nor a lot of other things.


Sorry to butt in again, but to follow that up: I'm not sure that "to do this 
_rigorously_" was the right phrasing.  I think in order to "completely" model 
all of the Internet's BGP policies across the entire AS topology you would need 
to form the transitive closure over everything, but it would still be a 
rigorous exercise to model more restricted topologies.  For example, you might 
want to scope your analysis: your adjacencies, or islands of security, or $n$ 
hops out from a source, etc... I'm not claiming to have considered all of the 
relative benefits or drawbacks of that, but it would still (imho) be a rigorous 
process... Maybe it would even be useful to some...

Just sayin'

Eric
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
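
Added example, not part of the thread or of any SIDR work: a sketch of "evaluate policy" scoped to $n$ hops from the evaluator, applied to the path 1 -> 2 -> 3 -> me. The INTENT table, the function names and the rule that a published intent is complete (anything not listed is unintended) are assumptions made for illustration.

```python
"""Scoped 'evaluate policy' check for a path such as 1 -> 2 -> 3 -> me."""

# Constructed sample data (assumption): each AS declares, per neighbor it
# learns routes from, the neighbors it intends to re-announce them to.
INTENT = {
    3: {2: {"me"}},  # AS3 intends to pass AS2's routes on to "me"
    2: {1: {4}},     # AS2 intends to pass AS1's routes to AS4 only
}


def evaluate_path(path, intent, max_hops=None):
    """Return [(asn, verdict)] for each transit AS, nearest to us first.

    path is in propagation order and ends at the evaluator.
    max_hops limits the check to ASes within that many hops of us.
    """
    verdicts = []
    last = len(path) - 1
    for i in range(last - 1, 0, -1):
        asn, learned_from, sent_to = path[i], path[i - 1], path[i + 1]
        if max_hops is not None and last - i > max_hops:
            verdicts.append((asn, "out-of-scope"))
        elif asn not in intent:
            verdicts.append((asn, "unknown"))  # no input, nothing to verify
        elif sent_to in intent[asn].get(learned_from, set()):
            verdicts.append((asn, "intended"))
        else:
            verdicts.append((asn, "leak"))  # assumption: declared intent is complete
    return verdicts


def classify(verdicts):
    """Collapse per-hop verdicts into one answer for the whole path."""
    states = {v for _, v in verdicts}
    if "leak" in states:
        return "leak"
    if states <= {"intended"}:
        return "intended"
    return "undetermined"


if __name__ == "__main__":
    path = [1, 2, 3, "me"]
    for hops in (1, 2):
        result = evaluate_path(path, INTENT, max_hops=hops)
        print(hops, result, classify(result))
```

With a one-hop scope the path is undetermined because AS2's export falls outside the analysis; widening the scope to two hops brings AS2's declared intent into view and the same path is flagged.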