Re: draft-ietf-opsec-infrastructure-security-01 - Infrastructure Hiding
On Thu, 26 Apr 2007, Tony Rall wrote:
> "Hiding the infrastructure of the network provides one layer of
> protection to the devices that make up the network core."
> Please reconsider. Not only does this whole section provide no better
> than weak protection, it violates numerous suggestions and mandates in
> other RFCs.
> ...
I have stated this before, but I'll have to say I'll agree with a lot
of Tony's comments.
In September 2006 Donald Smith said as follows about this document
after the previous round of comments and discussion why this should
be BCP instead of Informational:
"If it's not done as a BCP it will be harder to get some ISPs to
adopt. Some of the features in this draft will prevent your network
elements from becoming reflectors in a DoS attack and therefore
general adoption is better for the internet at large."
Which is (IMHO) exactly the backwards logic. "Best Current" practice
should come first, and when it has been deployed wide enough and there
are no obvious bad effects, it shouldn't need the power of 'BCP' to
coerce others to deploy networks in a similar manner.
Further in the thread, people have stated that most of these
techniques have already been deployed in many large provider networks.
Could you please name a couple? I'd like to run traceroute etc.
through them to see if my requirements (as a customer of said transit
operators) for usability are being met or not.
I could imagine that it could be possible to hide some infrastructure
in a manner that doesn't __necessarily__ hurt the users very badly,
but as shown by this thread, the understanding of what infrastructure
hiding means (just iBGP loopback addresses vs everything including
interface addresses as an example) implies that there's likely still
some work to do.
--
Pekka Savola                  "You each name yourselves king, yet the
Netcore Oy                     kingdom bleeds."
Systems. Networks. Security.  -- George R.R. Martin: A Clash of Kings
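As an added example for this thread (not code from the draft or from anyone posting here): the traceroute check Pekka describes, done from the customer side. The script parses Linux-style traceroute output and reports which hops answered nothing at all, which is what an operator's infrastructure hiding looks like from outside, and how long the silent stretch is, since a single filtered router and a fully opaque core have very different consequences for fault localisation. The sample output, hostnames and addresses are constructed (documentation ranges), not captured from any real provider.

```python
"""Measure how much of a path traceroute can still see.

Added example for the opsec thread on infrastructure hiding; not from the
draft or any poster. Parses Linux-style traceroute output and classifies
each hop as visible, partially visible (ICMP rate limiting usually looks
like this) or hidden (no probe answered at all).
"""
import re
from dataclasses import dataclass

# Constructed sample: hops 3-5 answer nothing, hop 6 answers one of three
# probes (typical of ICMP rate limiting rather than deliberate hiding).
SAMPLE = """\
traceroute to www.example.net (203.0.113.9), 30 hops max, 60 byte packets
 1  gw.customer.example (192.0.2.1)  0.412 ms  0.398 ms  0.377 ms
 2  198.51.100.1 (198.51.100.1)  1.203 ms  1.187 ms  1.150 ms
 3  * * *
 4  * * *
 5  * * *
 6  * edge.transit.example (198.51.100.254)  9.902 ms *
 7  www.example.net (203.0.113.9)  10.211 ms  10.198 ms  10.240 ms
"""

HOP_RE = re.compile(r'^\s*(\d+)\s+(.*)$')            # "<ttl>  <rest of line>"
ADDR_RE = re.compile(r'\(?(\d{1,3}(?:\.\d{1,3}){3})\)?')  # dotted quads
RTT_RE = re.compile(r'([\d.]+) ms')


@dataclass
class Hop:
    ttl: int
    addrs: tuple   # distinct responding addresses; empty when hidden
    rtts_ms: tuple # one RTT per probe that answered


def parse_traceroute(text):
    """Return one Hop per numbered line; the 'traceroute to ...' header is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ttl, rest = int(m.group(1)), m.group(2)
        addrs = tuple(dict.fromkeys(ADDR_RE.findall(rest)))  # dedupe, keep order
        rtts = tuple(float(x) for x in RTT_RE.findall(rest))
        hops.append(Hop(ttl, addrs, rtts))
    return hops


def hidden_hops(hops):
    """TTLs at which no probe was answered."""
    return [h.ttl for h in hops if not h.addrs]


def summarize(hops):
    """Visibility figures a customer can compare against their own requirements."""
    hidden = hidden_hops(hops)
    total = len(hops)
    # Longest run of consecutive silent hops: a run of 1 is one filtered
    # router; a long run means the whole core is opaque from outside.
    longest = run = 0
    for h in hops:
        run = run + 1 if not h.addrs else 0
        longest = max(longest, run)
    partial = [h.ttl for h in hops if h.addrs and len(h.rtts_ms) < 3]
    return {
        "hops": total,
        "hidden_ttls": hidden,
        "partial_ttls": partial,
        "longest_silent_run": longest,
        "visible_fraction": round((total - len(hidden)) / total, 2) if total else 0.0,
    }


if __name__ == "__main__":
    for k, v in summarize(parse_traceroute(SAMPLE)).items():
        print(f"{k}: {v}")
```

A hop that answers some probes but not others is reported separately from a hidden one: rate-limited ICMP looks like that and does not mean the operator is hiding anything, whereas three consecutive silent TTLs between the access router and the far edge is exactly the customer-visible effect the draft's section would produce.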