[afnog] Another case for RPKI ?
Bill Woodcock
woody at pch.net
Wed Nov 14 18:33:40 UTC 2018
Mbong has a point. If BGPv4 is the last version of BGP, we might as well write the Internet off as dead now. When the IETF stops working on new protocols, the Internet stops evolving. And for anything that doubles in size every ten and a half months to become static, to fossilize, is to die.
At the same time, it’s equally true that BGPv5 is “not just sitting around.” It’ll take work. By people going to the IETF and doing that work. That’s the problem with the same old (and older and older) people showing up at the IETF every year: very little truly new work gets done. Just old graybeards layering patches over patches over patches on protocols we designed in our twenties.
So. Go to it. Go to the IETF, ignore all the old dudes telling you they’ve seen and done it all before and that nothing you’re doing is necessary, and crank out a BGPv5. Do it for the network operators who will have to keep doubling the size of the network after us crotchety old dudes are safely dead.
-Bill
> On Nov 14, 2018, at 18:56, Job Snijders <job at ntt.net> wrote:
>
> Dear Mbong Hudson Ekwoge,
>
> You no zero technical arguments why you liken RPKI to "patching up an
> already faulty package". I don't think you do justice to RPKI's value
> or to the people deploying RPKI based BGP Origin Validation.
>
> For there to be *any* routing security, in BGP-4 or BGP-5 or
> BGP-never, we *at least* need a database which presents us with an
> overview of what prefix can be originated by what Autonomous System.
> This database must be verifiable, programmatically accessible, and an
> open standard. RPKI meets all these requirements.
>
> I look forward to your proposal for BGP-4's successor!
>
> Kind regards,
>
> Job
>
>> On Wed, Nov 14, 2018 at 6:43 PM Mbong Hudson Ekwoge <hudson at yourvmbg.com> wrote:
>>
>> @Job - what part of my assessment doesn’t sit well with you? For technicality, look at how the native features of BGP led to the mentioned incident. Lastly, the end product of any release will require new code to be written. Just like we came up with IPv6 as a complete replacement for v4, a new version of BGP released will address the “mistakes” of the past while supporting the features which empower new types of workflows.
>>
>>> On Wed, 14 Nov 2018 at 20:54, Job Snijders <job at ntt.net> wrote:
>>>
>>> Dear Mbong Hudson Ekwoge,
>>>
>>>> On Wed, Nov 14, 2018 at 5:44 PM Mbong Hudson Ekwoge <hudson at yourvmbg.com> wrote:
>>>> Implementing RPKI is like patching up an already faulty package. Perhaps it’s time we look into releasing a newer version of BGP with native safeguards put in place to avoid the pitfalls we know of already.
>>>
>>> I disagree with your assessment and would like to see you back this up
>>> with technical arguments. Also note that there is no new version of
>>> BGP laying around. BGP-4 is all we have.
>>>
>>> Kind regards,
>>>
>>> Job
>>
>> --
>> Kind Regards
>> Mbong Hudson Ekwoge
>> Mob: +230 592-86076
>
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
More information about the afnog
mailing list