[ih] Exterior Gateway Protocol
Joseph Touch
touch at strayalpha.com
Fri Sep 4 08:16:48 PDT 2020
> On Sep 3, 2020, at 11:03 PM, Tony Li <tony1athome at gmail.com> wrote:
> ..
>> Can you tell us more about what part of BGP’s use of TCP was controversial at the time?
>
> The words “layering violation” were bandied about.
Hmm. I see that, but only as below.
>> I.e., other than the error of linking “this path is up” inside BGP to “TCP is stable over that path”, a decision that required multiple fixes to address (MD5, TCP-AO, RST rejection, and route dampening).
>
> You seem to be confused. A BGP path does not imply TCP stability. Only reachability.
BGP paths don’t imply TCP stability, but then TCP stability should never affect whether a BGP path is viable.
> Most of the symptoms that you cite are all a result of the lack of a workable security architecture. A problem that pervades the entire stack, even to this day.
Were it not for the TCP-to-BGPpath correlation, BGP security could be completely supported elsewhere, e.g., by signing the individual routes. Even if there were a deployable solution to those signatures, TCP connection vulnerability still requires MD5, AO, or IPsec — or an override in the config to NOT correlate TCP sustainability with path viability.
Joe