On Apr 6, 2020, at 5:25 PM, Richard Laager <[log in to unmask]> wrote:

> On 4/6/20 5:17 PM, Andrew Hoyos wrote:
>> This came up in two different conversations in June and January (per
>> mice-discuss archives).
>> I think the concern here is that the route servers aren’t doing IRR
>> filtering of members yet.
>> I agree 100% with the approach below, but with one caveat - we need to
>> be filtering members on the route servers first via IRR.
>> Otherwise, nothing is preventing a member from advertising a /32 tagged
>> with a blackhole community of 8.8.8.8, or another member’s IP address.
>
> Nothing is stopping me from announcing 8.8.8.0/24 right now, right?

I agree, that’s true in the current scenario. Nothing is preventing you from doing that towards the route servers.

As it stands right now, though, we wouldn’t necessarily have to accept that route, and we’d have local control to reject/block or filter your ASN, drop RPKI invalid prefixes, etc., and to react as we please (i.e., operational processes to fix the issue without reliance on MICE intervention, and without completely dropping our route server sessions).

Or perhaps folks are already doing self-generated prefix lists and actions towards route server prefixes (we, for example, passively keep an eye on ASNs/IRR data vs. routes learned from MICE route servers).

In short, we’ve got tools to deal, if you do.

> I agree that the IRR filtering is important, but is that absolutely
> necessary here?

In the case we enable a RTBH community without strict filtering, we’ve taken the control out of the members’ hands, and put a powerful tool in any member’s hands with no regard to security.

Say someone does something nefarious, or inadvertent, that breaks something important. How quickly can it be fixed, who can fix it, etc., etc.? Operational processes become a lot more important. The fix on a member’s side is a lot more intrusive (i.e., turn down port), and the impact is much greater (blackholed across the entire IX fabric - and potentially also affecting bilateral peering traffic).

I think it’d be extremely irresponsible of MICE, and I’m vehemently opposed to enabling RTBH on the route servers or fabric, without first having the proper tools in place to ensure it can be used sanely and securely (IRR based filtering + route server looking glass).

My $0.02…

Andrew Hoyos
[log in to unmask]
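As an added example (not part of this thread, and not MICE's actual route-server configuration), the following Python models the import policy Andrew argues for: an IRR-derived per-member prefix list is applied before a blackhole community is honored, and RPKI-invalid routes are dropped. The IRR table, the ASNs (documentation range 64496-64497) and the prefixes are constructed stand-ins for what a bgpq4 query of each member's AS-SET would return; the blackhole community is assumed to be the RFC 7999 BLACKHOLE value 65535:666, which the thread does not specify. The audit() helper mirrors the passive "IRR data vs. routes learned from the route servers" check Andrew mentions.

```python
"""Route-server import policy model: IRR filter first, then RTBH.

Added example, not MICE's configuration. IRR data, ASNs and prefixes
below are constructed; the community value is the RFC 7999 BLACKHOLE.
"""
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE = (65535, 666)      # RFC 7999 well-known BLACKHOLE community
MAX_LEN = {4: 24, 6: 48}      # longest prefix accepted for ordinary routes
HOST_LEN = {4: 32, 6: 128}    # blackhole routes may be host routes

# Constructed stand-in for per-member IRR data (what bgpq4 would emit from
# each member's AS-SET). Example ASNs/prefixes only, not real members.
IRR_PREFIXES = {
    64496: ["192.0.2.0/24", "2001:db8:1::/48"],
    64497: ["198.51.100.0/24"],
}


@dataclass
class Route:
    prefix: str
    peer_asn: int                       # member announcing it to the route server
    communities: set = field(default_factory=set)
    rpki: str = "valid"                 # ROV result: valid | invalid | not-found


def _irr_networks(asn, version):
    """Registered networks of the announcing member, same address family only."""
    nets = (ipaddress.ip_network(p) for p in IRR_PREFIXES.get(asn, []))
    return [n for n in nets if n.version == version]


def evaluate(route):
    """Return (verdict, reason) for one route offered to the route server.

    Order matters: IRR coverage is checked before the blackhole community
    is looked at, so a /32 of someone else's space tagged BLACKHOLE is
    rejected for the same reason a bogus /24 would be.
    """
    net = ipaddress.ip_network(route.prefix, strict=False)
    if route.rpki == "invalid":
        return ("reject", "rpki-invalid")
    if route.peer_asn not in IRR_PREFIXES:
        return ("reject", "peer has no IRR data")
    if not any(net.subnet_of(reg) for reg in _irr_networks(route.peer_asn, net.version)):
        return ("reject", "not covered by member IRR objects")
    blackhole = BLACKHOLE in route.communities
    limit = HOST_LEN[net.version] if blackhole else MAX_LEN[net.version]
    if net.prefixlen > limit:
        return ("reject", f"prefix longer than /{limit}")
    return ("accept", "blackhole" if blackhole else "unicast")


def audit(routes):
    """Passive check: which learned routes would the IRR/RPKI policy reject?"""
    findings = []
    for r in routes:
        verdict, reason = evaluate(r)
        if verdict == "reject":
            findings.append((r.prefix, r.peer_asn, reason))
    return findings


# Constructed sample announcements, including the abuse case from the thread.
SAMPLE = [
    Route("192.0.2.0/24", 64496),                      # member's own block
    Route("192.0.2.7/32", 64496, {BLACKHOLE}),         # RTBH inside own block
    Route("192.0.2.7/32", 64496),                      # /32 without RTBH tag
    Route("8.8.8.8/32", 64496, {BLACKHOLE}),           # RTBH of a third party
    Route("198.51.100.9/32", 64496, {BLACKHOLE}),      # RTBH of another member
    Route("198.51.100.0/24", 64497, rpki="invalid"),   # ROV says invalid
    Route("203.0.113.0/24", 64498),                    # ASN with no IRR data
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{r.prefix:<18} AS{r.peer_asn} -> {evaluate(r)}")
```

Without the IRR step, the two 8.8.8.8/32 and 198.51.100.9/32 announcements would be accepted purely on the strength of the community tag, which is exactly the failure mode described above.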

To unsubscribe from the MICE-DISCUSS list, click the following link:
http://lists.iphouse.net/cgi-bin/wa?SUBED1=MICE-DISCUSS&A=1