philip bridge on Wed, 08 Apr 1998 20:08:03 +0100 said:
It seems that the current state of the IRR and the supporting tools are
in general simply too complex for a lot of people to get to grips with
... which includes me - we build ours manually
To familarize with the IRR and the supporting tools, Sunday before next
two nanogs, there will be a IRR/RPSL/RAToolSet tutorials. We will send an
official announcement very soon about it.
Cengiz
Cengiz,
That is of course laudible. But the point has to be made that AS8584 is in
Israel. In an environment when a small ISP in a small country can cause a
lot of damage to the global Internet, a way has to be found to efficiently
propogate this knowledge far and wide.
Phil
I believe that the implication was that: 1) they're not directly
connected to any of the major _US_ backbones, and 2) they're on the
other end of a fairly thin hose.
And they can _still_ hose things this badly.
This speaks not well of the architecture involved.
Cheers,
-- jra
Not to speak for Mr. Bridge, but I believe the point is that if this can
be done by someone in Israel, it can also be done by someone in say, Iraq.
'Mr. Hussein, can you tell us why your ISP is announcing the entire Internet?'
'Relax! Take a load off! Don't worry about it!'
IOW, if some terrorist group manages to get set up where they can announce
BGP, they can toy essentially with whatever they like, until people/their
upstream gets a clue and installs filters.
-dalvenjah
IOW, if some terrorist group manages to get set up where they can announce
BGP, they can toy essentially with whatever they like, until people/their
upstream gets a clue and installs filters.
before we get too hysterical, it may be worth noting that to date the
problems have been caused by lack of clue, not lack of ethics, morals,
or empathy. not that this is reason less for caution, but it might
guide our reaction towards the actual, as opposed to imagined, problems.
randy
On Thu, Apr 09, 1998 at 08:51:00PM -0700, Randy Bush put this into my mailbox:
> IOW, if some terrorist group manages to get set up where they can announce
> BGP, they can toy essentially with whatever they like, until people/their
> upstream gets a clue and installs filters.before we get too hysterical, it may be worth noting that to date the
problems have been caused by lack of clue, not lack of ethics, morals,
or empathy. not that this is reason less for caution, but it might
guide our reaction towards the actual, as opposed to imagined, problems.
Point taken. However, whether it's Joe Terrorist or Joe Cluebie that
actually causes the problems, you're still going to get bombarded with
calls like 'I can't get to www.playboy.com! the internet is broken! fix it!'.
Intent doesn't really matter. The fact remains that it's possible for
someone to screw up the rest of the internet. This doesn't mean that
a quick decision on what to do about it needs to be reached; it does
however mean that a *good* decision on what to do about it and how to
prevent the problem needs to be reached.
(My intent was not to panic, but to make aware.)
-dalvenjah
Intent doesn't really matter. The fact remains that it's possible for
someone to screw up the rest of the internet. This doesn't mean that
a quick decision on what to do about it needs to be reached; it does
however mean that a *good* decision on what to do about it and how to
prevent the problem needs to be reached.
Look, it think its happened to all of us. Its 4am, your pager goes off and
you have a message that someone in Boliva is announcing your /16. Or even
worse, its 4am, you just got to sleep and your pager goes off and you
announced someone in Boliva's /16. You wake up and fix it.
Having strong filters on what routes you will and will not accept from
your downstreams is important - so Joe Terrorist or Joe Halfaclue can't
screw up and cause you trouble. Generally if the people doing the bulk of
the route trading are managing things well this shouldn't be a problem
and we'll all continue to live with the possibility that we'll be woken up
in the middle of the night for minor and friendly glitches.
I agree that filters are useful. However, I think it is missing half of the
problem if you simply assume that moving the configuration problem into the
filters doesn't still remain a problem.
For example, recently we added a new transit customer, and asked UUNet (who
we have been very happy with despite this incident) to add their aggregates
to their prefix filters for us. They did so, but a couple of weeks later we
cleared the BGP session to make changes in our inbound route policy, and
noticed we were getting almost no inbound traffic from them. Checking at
the various looking glasses, it was obvious that UUNet was only accepting
routes from us for this new transit customer (ie, they had replaced our
existing filters with the new aggregates rather than appending them to the
list). It took 14 hours to get them to understand what the problem was and
to correct it.
I'm not saying that filtering prefixes isn't a good safety net, but what I
am saying is that you are simply moving the configuration problems to a
different place. Granted, the scope of who is affected by an error is
generally much smaller, but the root of the problem is manual configuration.
We have never had a similar problem with MCI, and they build the filters
from the IRR. As long as our route objects (and those of ASes we provide
transit for) are correct, the filters on our BGP session are correct.
John Tamplin Traveller Information Services
jat@Traveller.COM 2104 West Ferry Way
205/883-4233x7007 Huntsville, AL 35801
This isn't entirely true. I know of several cases (and they have been
discussed on this list) where bogus routes have been announced with either
malicious, unethical or immoral intentions. Case 1: bogus announcement to
bring down Cyberpromo (this may have occured more than once). Case 2: bogus
announcements of unallocated space to bypass spam filters, and avoid
identification. Both of these cases were probably done to technically (at
least nominally) clueful people who were generally authorized to advertise
new routes.
I suspect a real terrorist action would be dealt with more quickly.
Perhaps the regularity of hosage means that a terrorist action wouldn't
really have much effect, so perhaps there isn't too much to worry about.
(terrorists don't attack trains that derail on a weekly basis anyway, and
China Air has never had a terrorist threat...)
But whatever the solution, it can probably be taken advantage of by the
multitude of authorized people. What is needed is better auditing so that
the people who make the mistakes, either honestly or on purpose, are
punished appropriately for their mistakes. Punishment must work
internationally. Perhaps what we need is a UN Internet Tribunal.
--Dean
In article <3.0.3.32.19980409083628.03cebbe8@mailhost.ip-plus.net>,
That is of course laudible. But the point has to be made that AS8584 is in
Israel. In an environment when a small ISP in a small country can cause a
lot of damage to the global Internet, a way has to be found to efficiently
propogate this knowledge far and wide.I don't understand this point. Would you have been happier if they
were a small ISP in the United States? How about India? Finland?
Why does it matter that AS8584 is in Israel?
No, no, no. The point I was trying to make is that doing a tutorial on the
IRR toolset at a Nanog meeting will not propogate the knowledge about how
to prevent these meltdowns with those tools far enough and wide enough. If
you do not like the example of Israel, how about Switzerland, which is even
smaller and happens to be where I live and work. How many multihomed,
BGP-speaking ISPs do you think fly from Switzerland to Nanog meetings? The
same goes for RIPE meetings or APNIC meetings. The techniques to prevent
these meltdowns *have* to be easily implementable and well understood by
the vast majority of ISPs, both big and small.
