|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Defeating DoS Attacks Through Accountability
Daniel Senie wrote: >I'm not sure you're being clear. If someone has portable /24 or /16, and >does NOT do their own BGP, but contracts with ONE ISP to do that >advertisement. How do other ISPs know that ISP has permission? We could >point to the RADB, but it's chock full of bogus data. We could point to >ARIN, but their database just says the owner of the net in question is >whomever it is. Those who own that space have a legitimate right to use >that space, so telling them to get ISP-provided space is a non-starter. If an ISP customer of mine wants me to statically route to them a block of space that one of their customers owns, I require authorization from their customer - the entity to which the block in question has been delegated - saying that my customer (their provider) is permitted to route a certain block. The authorization must come from the delegated organization, but it can be provided (relayed) to me by my customer. It could be part of an engineering sheet that's been signed by the downstream, for all I care. It works the same way if you replace "statically route to them" with "not filter annoumcements from them for." Essentially, I want my customer to call me up and say "I don't own this block but my customer does, I've just FAXed you authorization from her saying that we are allowed to announce part of her block." I then get on the phone with my upstreams and ask them to relax their filters a bit, and furnish any authorizaiton necessary (which they unfortunately typically don't require). Once I've added the route or lifted the filter, though, there's no way for me verify that the status of the block has not changed unless someone challenges it. The current system was built around trust - my upstreams trust me not to maliciously want to announce blocks I'm not entitled to announce, and filter only to prevent me from shooting myself and others in the feet. The requirement for having filters explicitly modified at least means that fingers can be pointed if something is screwed up, but the implicit trust means that some clown can blackhole 198.41.0.0/23 for at least a little while, long enough to cause the a disruption. >I agree it's a problem in need of a proper solution. The solution has to >account for portable address space not owned by providers. In addition to permitting further delegations of "ownership" of address space, perhaps allocation authorities should also provide a mechanism for delegating routability from an owner to its upstreams. Such a system would provide a more-or-less central database to check when a request for a new route is made and to validate existing routes against. Of course nobody would use such a system unless it was required, and once again, the requirement has to come from the top - the major NSP players - and "trickle down" to the end networks. Mark
|