Internet Routing Health Measurement Bar BoF

Slides:



Advertisements
Similar presentations
A Threat Model for BGPSEC
Advertisements

A Threat Model for BGPSEC Steve Kent BBN Technologies.
APNIC Update Paul Wilson Director General. Overview Priorities in 2009 IPv4 exhaustion IPv6 deployment Security Internet Governance Priorities in 2010.
RPKI and Routing Security ICANN 44 June Today’s Routing Environment is Insecure Routing is built on mutual trust models Routing auditing requires.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
An Introduction to Routing Security (and RPKI Tools) Geoff Huston May 2013.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
The Resource Public Key Infrastructure Geoff Huston APNIC.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Working Group #4: Network Security – Best Practices March 6, 2013 Presenters: Rod Rasmussen, Internet Identity Tony Tauber, Comcast WG #4.
Information-Centric Networks04a-1 Week 4 / Paper 1 Open issues in Interdomain Routing: a survey –Marcelo Yannuzzi, Xavier Masip-Bruin, Olivier Bonaventure.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
AFRINIC Update Anne-Rachel Inné COO, AFRINIC ARIN 32, Phoenix October 2013.
Status Report SIDR and Origination Validation Geoff Huston SIDR WG, IETF 71 March 2008.
A BCOP document: Implementing MANRS Job Snijders (NTT) Andrei Robachevsky (ISOC)
1 Internet Society Collaborative Security & MANRS ENOG 10 – 14 October 2015, Odessa Maarit Palovirta
BGP Validation Russ White Rule11.us.
Phase 2 of the National Accreditation System (NAS) and your CLC Monica Roberts Regional Accreditation Coordinator Meg Houston National Accreditation Coordinator.
Monitoring & Evaluation Capacity Strengthening Workshop WORKSHOP INTRODUCTION AND OVERVIEW.
The Importance of Whois Accuracy Leslie Nobile
BGPSEC Protocol (From -01 to -02 and on to -03) Matt Lepinski.
A policy framework for an open and trusted Internet
Technical Info, BCOP, DNSSEC Coordination, ION Conferences
20 Years of the RIPE NCC: Where Are We Today?
An assessment framework for Intrusion Prevention System (IPS)
Update on ICANN ERC Negotiations
STRESS TESTS and TAIWAN PEER REVIEW PROCESS
Why IPv6 now? Mathieu Goutelle (CNRS/UREC)
Les Ginsberg Stefano Previdi Peter Psenak Martin Pilka
NOMA Network Operator Measurement Activity
APNIC Open Address Policy Meeting
Beyond Technical Solutions
Addressing 2016 Geoff Huston APNIC.
The uses of data in Fisheries Management
Are We There Yet? On RPKI Deployment and Security
Why the Multistakeholder Approach Works
A commentary on the ITU-T proposal for national address registries for IPv6 Geoff Huston April 2005.
Logical Framework I want to design a project by planning out the logic
Route Servers: An AMS-IX Introspective
Some Thoughts on Integrity in Routing
Working together to improve routing security for all
More Specific Announcements in BGP
Let’s talk about how it’s done!
MANRS IXP Partnership Programme
Measuring routing (in)security
Session Purpose Enhancing Communication Between Food Security Implementers & Policy-Makers/Donors, for mutual understanding & future collaboration.
Identify the laws and guidelines that affect day-to-day use of IT.
IPv6 Deployment Monitoring Survey 2009 Trailer
Chapter 13 Quality Management
MANRS for IXPs Why we did it? What did we do?
Good Morning 1/17/2019.
RIPE October 2005 Geoff Huston APNIC
Why don’t we have a Secure and Trusted Inter-Domain Routing System?
A commentary on the ITU-T proposal for national address registries for IPv6 Geoff Huston April 2005.
PP – Resource Authentication Key ( RAK ) code for third party authentication Presenter : Erik Bais –
Improving global routing security and resilience
Conformity Assessment Approach for Homeland Security
Peering Security DKNOG, March 14-15, 2019 Susan Forney and Walt Wollny
APNIC’s Engagement on Security
Corporate Program Update
FIRST How can MANRS actions prevent incidents .
Baseline Expectations for Trust in Federation
Overview Purpose/ Why they did the work Delivery Learning Outcomes
Update on ICANN ERC Negotiations
A Model For Network Security
MANRS Implementation Guides
Amreesh Phokeer Research Manager AfPIF-10, Mauritius
Validating MANRS of a network
IXP FilterCheck A New Route Analysis Tool for IXPs
Presentation transcript:

Internet Routing Health Measurement Bar BoF 25 October 2017 Internet Routing Health Measurement Bar BoF Sunday, 22 October 2017 Kevin Meynell Content & Resource Manager meynell@isoc.org Presentation title – Client name

Objectives of BoF MANRS (Mutually Assured Norms for Routing Security) is community initiative to promote culture of collaborative responsibility for stability of routing system Defines four concrete actions that network operators should implement: filtering, anti-spoofing, coordination & global validation To discuss ideas for measuring the health of the Internet routing system Aim to develop some empirical data to strengthen the case for collaborative routing security, including indications of good and bad security, and what metrics would accurately reflect this 20 participants at BoF

Summary points Well we didn’t entirely manage to achieve the original objectives of the BoF! The participants saw little purpose in trying to devise metrics to measure the health of the Internet routing system, before identifying why previous and current attempts to address the issue of route leaks, hijacks and general BGP churn were essentially failures Less than 2% of IP prefixes cause 90% of the routing updates, so the problem lies with a relatively small number of ASes The problem with any tool or metrics detecting IP route misconfiguration or hijacking is finding one that doesn’t generate too many false positives Any mechanisms and metrics need to be able to identify leaks and make theft difficult, but must be lightweight enough not to affect basic functioning and scalability of BGP

Consensus: Don’t Shoot the Messenger! Should be recognised that RKPI is not addressing the problem, and should be a neutral and dispassionate analysis of why this mechanism has such limited deployment It was felt BGPsec will also not address the problem, and is not likely to be deployed The discussion should be removed from the IETF and those with existing interests in the development of RPKI and BGPsec, and an analysis undertaken of the vendor and network operator industry. ISOC as an independent and dispassionate third-party was asked to organise a series of stakeholder workshops with (major) vendors and network operators, as well as with the RIR communities. What are their specific concerns, how would they address the problems, and what do they think is the best way to approach the issues? 

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.