On Sat, Jul 02, 2016 at 07:02:32AM +0900, Randy Bush wrote:
what could possibly go wrong with a well-known transitive attribute
which causes an un-authenticated prefix's traffic to be dropped on
the floor?
Today I have 5 or six of them... and my managment system has a
series of substitutions for the provider-appropriate one. So, what
can go wrong with a poorly understood and loosely coordinated
transitive attributes which cause unauthenticated prefixes traffic
to be dropped on the floor?
and you are kinda peotected by the community not being well-known,
i.e. different for each upstream. the attacker has to know the
community for each upstream and be able to not only inject the prefix
but also tag it with the correct community for each upstream.
Your argument comes down to "security through obscurity" - in essence an
argument against a lot of standardisation work. In fact, if
standardisation itself is a risk, it means the underlying system is
broken. You should address that in a different draft, seems out of scope
for this one. Proclaiming there is a security advantage because of lack
of regulation / standardisation feels like you are putting your head in
the sand.
You present your scenario as if it is difficult to figure out
communities. Already today adversaries can use their favorite search
engine to find which communities do what where. One can attach multiple
BGP communities to a route. Yes, (intentional) accidents do happen.
Should all cars be banned because accidents happen on the roads?
What this document provides is a well-known BGP community to be used for
a commonly understood purpose, and the document acknowledges that the
rules differ from provider to provider, just like today with the myriad
of communities. It is up to the operator to decide when to accept and
honor the blackhole community.
If one blindly accepts the blackhole community (ignoring section 3.3),
and at the same time manages to honor it (section 4 prevents vendors
from enabling this by default) you probably deserve whatever happens
next. Since when are side wheels mandatory?
Section 3.3 states : "BGP speakers SHOULD only accept and honor BGP
announcements carrying the BLACKHOLE community if the announced prefix
is covered by a shorter prefix for which the neighboring network is
authorized to advertise.", there is an option to make this MUST, but
networks choosing not to (or being unable to) filter may ignore this
anyway.
it is the combination of well-known and transitive that is deadly.
You are exaggerating with the phrase "deadly". It seems we have ventured
into a subjective phase of the discussion "i dont like it" vs "i think
it is useful". Some disagreement is fine, in -02 of the draft the
intended status was lowered to "Informational".
Kind regards,
Job