Following up on my preceding email, this (notification below) is the second part (after the 1 to 2 split) that documents the “route leaks solution proposal”. This work was presented at the GROW meeting in Toronto, and it was suggested that the path of progress for this document (solution proposal) should be through IDR to SIDR. I will be happy to present this work in the IDR or the joint IDR-SIDR meeting in Honolulu. The earlier comments on this work at the GROW meeting in Toronto can be found here:
http://www.ietf.org/proceedings/90/minutes/minutes-90-grow Further comments, suggestions are welcome. Sriram ________________________________________ From: [email protected] <[email protected]> Sent: Monday, October 27, 2014 7:01 PM To: Sriram, Kotikalapudi; Montgomery, Douglas; Subject: New Version Notification for draft-sriram-route-leak-detection-mitigation-00.txt A new version of I-D, draft-sriram-route-leak-detection-mitigation-00.txt has been successfully submitted by Kotikalapudi Sriram and posted to the IETF repository. Name: draft-sriram-route-leak-detection-mitigation Revision: 00 Title: Methods for Detection and Mitigation of BGP Route Leaks Document date: 2014-10-27 Group: Individual Submission Pages: 13 URL: http://www.ietf.org/internet-drafts/draft-sriram-route-leak-detection-mitigation-00.txt Status: https://datatracker.ietf.org/doc/draft-sriram-route-leak-detection-mitigation/ Htmlized: http://tools.ietf.org/html/draft-sriram-route-leak-detection-mitigation-00 Abstract: In [I-D.ietf-sriram-route-leak-problem-definition], the authors have provided a definition of the route leak problem, and also enumerated several types of route leaks. In this document, we first examine which of those route-leak types are detected and mitigated by the existing BGPSEC protocol [I-D.ietf-sidr-bgpsec-protocol-09]. Where the current BGPSEC protocol doesn't offer a solution, this document suggests an enhancement that would extend the route-leak detection and mitigation capability of BGPSEC. The solution can be implemented in BGP without necessarily tying it to BGPSEC. Incorporating the solution in BGPSEC is one way of implementing it in a secure way. We do not claim to have provided a solution for all possible types of route leaks, but the solution covers several, especially considering some significant route-leak attacks or occurrences that have been observed in recent years. The document also includes a stopgap method for detection and mitigation of route leaks for the phase when BGPSEC (path validation) is not yet deployed but only origin validation is deployed. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
