Routing Area Open Meeting (rtgarea)
IETF 98 (Chicago, IL)
===============================================================================

Area Directors:
  Alia Atlas (akatlas@juniper.net)
  Deborah Brungard (db3546@att.com)
  Alvaro Retana (aretana@cisco.com)

Area Secretary:
  Jonathan Hardwick (jonathan.hardwick@metaswitch.com)

Wiki: https://trac.tools.ietf.org/area/rtg/trac/wiki/WikiStart

Scribe: Jonathan Hardwick (jonathan.hardwick@metaswitch.com)

Location: Zurich E/F, Swissotel Chicago, IL, USA
Time: March 30, 2017, 0900-1130 (9:00am-11:30am)

-------------------------------------------------------------------------------

1. Administrivia
----------------

Alvaro Retana: No WGs closed or new WGs chartered.

Alvaro Retana: ROLL is re-chartered.

Alvaro Retana: Please volunteer to review documents. Please review at least one document from outside your WG.

Alia Atlas: Your reviews are an indication of interest and also help the ADs not to have to fix docs that were only read by the authors. It also encourages others to review your documents.

Deborah Brungard: The IESG like to see mailing list discussion of docs that are being pushed through. If there is none then that can draw criticism.

Alvaro Retana: Please think - in your WGs - about whether we are ready for IPv6-only networks. How do we transition from v4 or dual-stack to v6 only? That is where we are going and we don't want to wait for the last minute. Not only about enabling v6-only support but making sure we can transition there.

Alvaro Retana: Please read the note well and the RFCs which it references, which Alia assures us are "fascinating".

Chris Hopps: Wasn't there an attempt to shrink the note well to a smaller size?

Alia Atlas: Yes, but the old one is still in use.

Alvaro Retana: The important thing is not size but that people read it.

Alia Atlas: A couple of points about alternative ways of working in the IETF that we have been experimenting with.

  1) In NVO3, we have been getting away from presentation-style meetings. Instead we have been having small group discussions, breaking into 3 or 4 different groups then reconvening to talk about it. Please talk to Matthew Bocci, who is NVO3 chair, for more information. Or, come to the next NVO3 meeting.

  2) Another experiment is IETF Hubs for remote participation in Boston and Bangalore; getting together with other IETFers and meeting up locally. Talk to Alia for more details.

-------------------------------------------------------------------------------

2. ANRP Winner Talk I
   Jumpstarting BGP Security with Path-End Validation
--------------------------------------------------

Yossi Gilad

Uma Chunduri: Are you updating BGPSec for this?

Yossi Gilad: No.

Uma Chunduri: So how do you get the path-end info to all the routers?

Yossi Gilad: Similar to RPKI - deploy a host machine which syncs with our repositories, downloads everything, then configures the routers.

Uma Chunduri: Instead you can sign the next hop too, right?

Yossi Gilad: You would sign in the repository.

Uma Chunduri: If the cache is not in all places, then it is better to sign the next hop.

Yossi Gilad: Our mechanism works off the critical path. You sync with the host ahead of time.

Uma Chunduri: There is an advantage if you change BGPSec to sign the last-hop router.

Jeff Haas: The idea of using the AS graph to do authentication has been around >20 years, e.g. RPSL. It's just a matter of getting a clean source of data. Russ White did this first - SOBGP. It's not a bad idea - it keeps routers from lying. I am sceptical of the results in your graph based on these prior talks - you should take a look at them. But I am enthusiastic that your graphs do make this look better than BGPSec.

Yossi Gilad: You are considering what would happen if the top 100 ISPs adopt? Consider if they adopt BGPSec instead. The chance to get a full BGPSec path is very low.

Jeff Haas: That is expected - BGPSec roll-out is expected to be in islands of adjacent ASes - validation would be for the first couple of ASes only.

Sandy Murphy: On one of the first slides it says that RPKI maps an IP prefix to the organization that owns it. But the RPKI RFC does not use those terms.

Yossi Gilad: I simplified.

Sandy Murphy: The needed information is available in the RIR database; you don't need RPKI. Please don't use those terms because people will dismiss RPKI as not the right thing. It also doesn't map prefixes to the owning AS. It maps a prefix to the AS that is authorized to announce it.

Sandy Murphy: You say it's a change to the message format with a new optional transitive attribute. That's not a change to the message format. There is a change to AS path which might be considered a change to the message format. But these are not passed to non-BGPSec speakers, so there is no interop problem.

Sandy Murphy: You said that BGP legacy is allowed - what does that mean?

Yossi Gilad: You are allowed to send old-style BGP messages without BGPSec. It's the best partial deployment scenario you could hope for. You can fall back to unsecured BGP.

Sandy Murphy: How do you represent the legacy BGP speakers in your simulation if everyone is doing BGPSec? Why would anyone ever send BGP in this simulation?

Yossi Gilad: Because an attacker advertises in BGP.

Sandy Murphy: Your results will be sensitive to the number of ASes sending BGP and this should be explored.

Carlos Martinez: What changes are needed to my provisioning system as an operator?

Yossi Gilad: You need a way to integrate with the database host and to configure your routers. A change to the RPKI protocol would be the best way. Also you can use existing interfaces as we did in our simulation.

Ruediger Volk: I repeat all the comments already made on using precise language.

Ruediger Volk: In your models, what policies did you assume the participants would be using?

Yossi Gilad: We assumed that customer routes would be preferred over peer routes.

Ruediger Volk: And although you allow customers to insert unsecure announcements, you still say you will prefer fake announcements?

Yossi Gilad: This is a partial adoption scenario. It is the best you can do. We wanted to bound what you would get under partial adoption.

Ruediger Volk: I think that the policies in use will be different in practice - at least for some operators, it will be different.

Sandy Murphy: What would need to be done to put this into operation - would router vendors need to change the way that they evaluate updates?

Yossi Gilad: No. We used the existing ACL interfaces.

Sandy Murphy: So use an AS path filter? OK.

Sandy Murphy: Deployment model for BGPSec - in SIDR we argued over whether you should be able to do partial path signing. The bad thing about doing this is that it allows attackers to construct any path they want and sign it. This opens an attack vector.

Yossi Gilad: That's not the case here.

Acee Lindem: It would be tenable to sign the last hop, but with 2-hop signing the permutations start to explode. BGPSec is a generalized solution with individual signing for everyone in the path, whereas with this you would have to do it for all permutations. How many permutations did you see in your simulation?

Yossi Gilad: You have misunderstood. We only did it with the last hop.

Acee Lindem: But I saw 2-hop somewhere in the slides.

Yossi Gilad: We were only pointing out that it would be difficult.

??: Who is allowed to create this new object - only the prefix owner?

Yossi Gilad: Yes.

??: So in an AS-SET that I do not own, I can establish a peering session only if I update that object?

Yossi Gilad: You would have a certificate for that AS number. You use the same key you would use to sign the next hop in BGPSec today.

??: That doesn't answer my question. Let's take it offline.

-------------------------------------------------------------------------------

3. ANRP Winner Talk II
   BGPStream: A Software Framework for Live and Historical BGP Data Analysis
-------------------------------------------------------------------------

Alistair King

Sandy Murphy: Do you have reports on the study you mentioned about prefix hijacking?

Alistair King: Nope. The project is in earlier stages.

Sandy Murphy: The slide that talked about GAR and new AS announcement - a reference to a history of routing? You are keeping some sort of time sequence? But then another slide said you were not keeping data.

Alistair King: In that case we are retaining the full archive of data. The framework points users at where the route use archive keeps that data.

Sandy Murphy: One of the problems with prefix hijacking analysis is anomaly detection. So this looks helpful.

??: I think this is useful. I collaborated with some people on this before. If I recall, it was tricky, unless you want a vast amount of data, to know what data to look at. Is there a better way to index or filter the data?

Alistair King: Good idea, will look into it.

-------------------------------------------------------------------------------

4. Working Group and BoF Reports
--------------------------------

4.1 Routing Directorate Report
------------------------------

Jon Hardwick

Jon Hardwick: Please welcome Amy Ye, working with me as the new routing directorate coordinator.

Jeff Tantsura: We need a way to be able to change the deadline for early reviews. It is currently immutable.

Jon Hardwick: Agree - will feed back to the tools guys.

Andy Malis: It is not clear whether the "last call" button means WG last call or IETF last call.

Jon Hardwick: It means IETF last call. I'll feed it back to the tools guys.

Jeff Haas: It would be good to generalize this system so that we can flag items for the attention of other groups of experts besides the RTGDIR - for example IANA expert review groups, chairs of specific WGs.

Alvaro Retana: Please raise a ticket with the tools team.

Sue Hares: We can add comments into the review request form. Can we use this in the short term to make special requests?

Jon Hardwick: Yes.

Alvaro Retana: Thanks to all our routing directorate members.

*applause*

4.2 WG Chair Reports
--------------------

No comments.

4.3 Open Discussion / Any other business
----------------------------------------

Jeff Tantsura: We are going to produce new recommendations on how YANG modules should be structured for config versus state. But it's only for new models, so please don't panic.

Alia Atlas: We are encouraging the WG chairs to move their YANG modules along. We are aiming to make recommendations that still allow us to get the YANG modules done in the intended time frame.

Alia Atlas: Should we look at having a longer meeting time on Friday?

Chris Hopps: If my WG had to meet on Friday every IETF then I might object, but I don't expect to lose many people from ISIS on this occasion.

Stewart Bryant: Do whatever it takes - meet Fridays, Sundays, whatever. I am concerned about the number of significant overlaps. Many of us have diverse interests. We need to do better at de-conflicting.

Alvaro Retana: You missed the chairs' lunch where we discussed conflicts. We tried to formalize how to declare conflicts. We need a clearer view of what conflicts to avoid when scheduling. Stephanie explained how scheduling was done. The routing area has the most meeting requests and the most conflicts. The conflicts need to be expressed more consistently. Currently WGs don't always name each other consistently as conflicts.

Stewart Bryant: A related issue is that there is no slack space in the agenda, which makes side meetings very difficult to schedule, and effectively eliminates my ability to eat breakfast and lunch.

Alvaro Retana: Room availability etc. varies per venue.

Andy Malis: We need to know about Friday meetings long enough in advance to allow us to adjust our airplane reservations and other travel plans.

Chris Hopps: Can we survey people to find out when they leave?

Alia Atlas: Good idea.

Sandy Murphy: Can / should we use GitHub to prepare routing area reports?

Alia Atlas: Version control speeds things up. GitHub also has a good aspect of outreach - but does that apply much in routing?

Sandy Murphy: One concern I have as a WG chair is that, if comments are arriving both on the WG list and also in GitHub, it will be harder to track them.

Alia Atlas: You can have GitHub forward comments to the mailing list. But that could be too large a volume for the list.

Stewart Bryant: Could there be a public list of side meetings that are going on?

Alia Atlas: We are talking about it - but this could be abused as a way to over-claim contributions and interest.

-------------------------------------------------------------------------------