1 / 6

draft-ietf-grow- filtering-threats -02

draft-ietf-grow- filtering-threats -02. Camilo Cardona, IMDEA Networks Institute Pierre Francois, IMDEA Networks Institute Paolo Lucente , Cisco. Executive summary. If you filter more specific BGP prefixes of others, or

rea
Download Presentation

draft-ietf-grow- filtering-threats -02

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. draft-ietf-grow-filtering-threats-02 Camilo Cardona, IMDEA Networks Institute Pierre Francois, IMDEA Networks Institute Paolo Lucente, Cisco

  2. Executive summary • If you • filter more specific BGP prefixes of others, or • use communities to trigger selective propagation of your BGP paths to more specific prefixes, • the transit policy of someone in your AS neighborhood may get violated, • without black-holing of traffic • Someone ends up offering free rides through his infrastructure without anyone complaining

  3. So what can we do? • Technically enforce the respect of your policies • Analyzed to be difficult • Leads to black-holing when facing the situation • Carefully filter / tag paths • Need to be aware of the risks • Monitor your network • Let the policy violation happen, react to it

  4. History • Presented at IETF a long time ago, • Advised to present to operators • Presented at RIPE, got hallway feedback • “It happened to me” / “I did it” • “I do filtering and tag my paths with communities to do TE, I’d be ashamed if it would lead to policy violation at my peers” • Met Paolo • Provided a tool to detect policy violations in your network • Working Group doc at GROW

  5. Status • In last call but no more comments received • Added Paolo as a co-author ( He should have been from day one :-S ) • Let’s try to close this?

  6. Comments or questions? On the grow mailing list! Thank you

More Related