[ih] Exterior Gateway Protocol

Joseph Touch touch at strayalpha.com
Fri Sep 4 11:06:04 PDT 2020



> On Sep 4, 2020, at 8:29 AM, tony.li at tony.li wrote:
> 
>>> Most of the symptoms that you cite are all a result of the lack of a workable security architecture. A problem that pervades the entire stack, even to this day.
>> 
>> Were it not for the TCP-to-BGPpath correlation, BGP security could be completely supported elsewhere, e.g., by signing the individual routes. Even if there were a deployable solution to those signatures, TCP connection vulnerability still requires MD5, AO, or IPsec — or an override in the config to NOT correlate TCP sustainability with path viability. 
> 
> Sorry, but that’s provably incorrect.  As we’ve seen with other protocols the transport mechanism must be secured as well, not just the contents. We have authentication in OSPF hellos and IS-IS IIHs for this reason.

The only reason the transport needs securing is if BGP infers anything from its headers or the fact that it is up.

The endpoints of the information inside the connection need not correlate to the TCP addresses or ports, so that’s not needed, If BGP didn’t tear down a route when TCP went down, it wouldn’t matter per se how many times TCP connections were dropped or why as long as SOME of the route info came through.

Joe


More information about the Internet-history mailing list