On Feb 25, 2012, at 7:49 AM, Randy Bush wrote:

> i would love to see progress on the route leak problem.  i do not confuddle 
> it with security.

Availability is a key aspect of security - the most important one, in many 
cases/contexts.  The availability of the control plane itself (i.e., being 
stable/resilient enough to continue doing its job even under various forms of 
duress) as well as the availability of the information about paths it 
propagates in order to allow the routing of transit traffic both fall squarely 
within the rubric of security, IMHO.

The disruption of transit traffic routing often caused by route leaks, as in 
this particular case, has a negative impact on the overall availability of 
affected networks/endpoints/applications/services/data.  However, route leaks 
are only one potential cause of such hits to availability - and while there are 
several BCPs which can and should be adopted in order to protect against 
control-plane disruption, they are in many cases honored more in the breach than in 
the observance due to complexity, opex (as is the case with many - some would 
say most - security-related BCPs), and so forth.

The single best thing which could be done to improve the stability/resiliency 
of the control-plane on IP networks in general would be to change the nature of 
the control-plane (not just BGP, but the IGPs, as well) from in-band to 
out-of-band, IMHO.  I know this will probably never happen, but wanted to be 
sure that the point was made in relation to this specific topic for the sake of 
completeness, if nothing else.

-----------------------------------------------------------------------
Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton

