On 1/13/17 2:53 PM, Job Snijders wrote:
> On Fri, Jan 13, 2017 at 02:28:23PM -0800, joel jaeggli wrote:
>> On 1/13/17 1:54 PM, Marco Marzetti wrote:
>>> <rant>
>>> Every time one suggests a change related to the IXPs world we spend
>>> days arguing if it affects the neutrality and how. Do we really
>>> need that?
>>> </rant>
>>>
>>> Anyway, i can't see why IXPs can blackhole traffic (if the
>>> destination requests it), but cannot do the same with prefixes.
>>> After all if a prefix is invalid the owner requested it to be
>>> verified by the other parties.
>> In general the consequences for an IX operator that either allows its
>> customers to attack each other over the exchange route-server or does
>> so itself seem severe. Loss of confidence in the disposition of one's
>> own routes seems like immediate grounds for depeering. If the routes
>> remain afterwards with the short AS path, the operator is engaged in
>> prefix hijacking.
>>
>> I personally find it dubious that I would choose to honor a third
>> party's efforts at origin validation if I did not myself validate them
>> but a signal from the exchange that it did validate the origin or that
>> there is an invalid ROA floating around is at a minimum very interesting.
> I still don't understand how there can be a justification as to why it
> would be OK for route servers to redistribute poisonous routes and say
> "trust me its OK i added a community!", and we expect some different
> behaviour from 'the rest of the AS's'?
>
> In a case like this
> http://mailman.nanog.org/pipermail/nanog/2017-January/089823.html,
> assuming a ROA had existed for 206.125.164.0/22, what would've been the
> appropriate response from any AS involved (including route servers)?
>
> A) "its fine, i tagged it with a community and amplified the problem
> by propagating it to all my peers"
>
> B) "the buck stops with me, the invalid route will not be propagated by
> me"
>
> At the very least, i'd prefer the default mode should be a secure mode,
> not a 'scientifically interesting' mode.

I do wonder about the rationale for saying "this is invalid, but here you go"

If I'm validating ROAs and my posture is that I don't accept routes with invalid ROAs then I'm not taking any action on the basis of this community. If I don't validate, I'm not taking any action on the basis of this community.

> Kind regards,
>
> Job
>
_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow
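The two route-server behaviours debated in this thread (option A, tag and propagate; option B, drop), worked through with RFC 6811 origin validation. This is an added example, not part of the original messages or any route-server implementation. The ROA, the origin ASNs (documentation range), the tag name and the function names are all assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str
    max_length: int
    asn: int

# Constructed data: the ROA is hypothetical and the ASNs are documentation ASNs (RFC 5398).
ROAS = [ROA("206.125.164.0/22", 22, 64496)]
ROUTES = [("206.125.164.0/22", 64496),   # matches the ROA
          ("206.125.164.0/22", 64511),   # wrong origin AS
          ("206.125.164.0/24", 64496),   # more specific than max_length
          ("198.51.100.0/24", 64500)]    # no covering ROA
INVALID_TAG = "rov-invalid"  # placeholder, not a real community value

def validate(prefix, origin_asn, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        if route.version != net.version or not route.subnet_of(net):
            continue  # this ROA does not cover the route
        covered = True
        if roa.asn == origin_asn and roa.asn != 0 and route.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def route_server_export(routes, roas, mode):
    """mode='tag' is option A (propagate invalids with a tag); mode='drop' is option B."""
    out = []
    for prefix, origin in routes:
        invalid = validate(prefix, origin, roas) == "invalid"
        if invalid and mode == "drop":
            continue
        out.append((prefix, origin, {INVALID_TAG} if invalid else set()))
    return out

def peer_import(exported, roas, peer_validates):
    """Routes a peer installs; neither kind of peer consults the tag."""
    return [(p, o) for p, o, _ in exported
            if not peer_validates or validate(p, o, roas) != "invalid"]

if __name__ == "__main__":
    for mode in ("tag", "drop"):
        rs = route_server_export(ROUTES, ROAS, mode)
        for validates in (True, False):
            print(mode, validates, peer_import(rs, ROAS, validates))
```

Only the combination of a tagging route server and a non-validating peer ends up installing the invalid routes; in the other three combinations the result is the same.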