Fwd: [bcop] Abstract of the MANRS BCOP
As discussed in the BCOP TF meeting on Monday, we want to inform the Routing WG on the status of the MANRS (https://www.manrs.org/manrs/) and the MANRS Abstract BCOP. MANRS have been presented a number of times at the BCOP TF and at the Routing WG. The actual MANRS guidelines are published on the manrs.org website, but the BCOP TF had the opinion that a RIPE series document has value as a static reference to the MANRS. With the community input and feedback an extended abstract has been written down (see attachment). Last year August the BCOP TF announced and closed the last call for comments on the MANRS Extended Abstract on the BCOP mailing list bcop@ripe.net. Somewhat delayed, we want announce on the Routing WG mailing list the last call for this document with a time window of two weeks (until June 1st). Thank you and best regards, Jan Zorz & Benno Overeinder -------- Forwarded Message -------- Subject: Re: [bcop] Abstract of the MANRS BCOP Date: Tue, 22 Aug 2017 15:44:12 +0200 From: Benno Overeinder <benno@NLnetLabs.nl> To: BCOP Task Force <bcop@ripe.net> CC: Jan Zorz - Go6 <jan@go6.si> This reminder is directed to the BCOP TF mailing list subscribers. In the BCOP TF meeting we announced a period of last comments on the extended MANRS BCOP abstract draft and to publish this as a RIPE document. We want to close the comments period in two weeks and move the draft further in the process to make it a RIPE document. Note that the draft is an abstract of the MANRS BCOP and references the full MANRS BCOP that includes examples and can be extended in the future. The MANRS extended abstract published as a RIPE document will be a stable document. Best regards, — Benno
On 8 May 2017, at 13:31, Andrei Robachevsky <robachevsky@isoc.org> wrote:
Hi,
The final version of the MANRS BCOP has been published on the MANRS website: https://www.manrs.org/bcop/. Both a PDF and an online versions are available.
However, to bring the bcop process to an official closure, chairs suggested that instead of publishing the MANRS BCOP as a RIPE document, that might be too constrained, we publish just an abstract. And once the BCOP global repository is in place, we can put it there in whatever format is most convenient.
I am attaching the abstract for your review and comments.
Regards,
Andrei <20170508-MANRS-BCOP-abstract.txt><20170508-MANRS-BCOP-abstract.docx>
-- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/
On 17/05/2018 17:02, Benno Overeinder wrote: Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics? The entire reason for MANRS is to prevent route hijacking. An ISP that allows /25s or /26s to be leaked will easily circumvent all filters and protections put in place since the /25 will override the /24 that most of us filter on. Without it specifically stated, we can't come to an ISP that just announced 1000 /25s and tell them they did something wrong. Cuz it doesn't appear anywhere in our BCOP. Please clue me in as to what I am missing since the way it looks now, it doesn't do what it is supposed to do. Thanks, Hank
As discussed in the BCOP TF meeting on Monday, we want to inform the Routing WG on the status of the MANRS (https://www.manrs.org/manrs/) and the MANRS Abstract BCOP.
MANRS have been presented a number of times at the BCOP TF and at the Routing WG. The actual MANRS guidelines are published on the manrs.org website, but the BCOP TF had the opinion that a RIPE series document has value as a static reference to the MANRS. With the community input and feedback an extended abstract has been written down (see attachment).
Last year August the BCOP TF announced and closed the last call for comments on the MANRS Extended Abstract on the BCOP mailing list bcop@ripe.net. Somewhat delayed, we want announce on the Routing WG mailing list the last call for this document with a time window of two weeks (until June 1st).
Thank you and best regards,
Jan Zorz & Benno Overeinder
-------- Forwarded Message -------- Subject: Re: [bcop] Abstract of the MANRS BCOP Date: Tue, 22 Aug 2017 15:44:12 +0200 From: Benno Overeinder <benno@NLnetLabs.nl> To: BCOP Task Force <bcop@ripe.net> CC: Jan Zorz - Go6 <jan@go6.si>
This reminder is directed to the BCOP TF mailing list subscribers.
In the BCOP TF meeting we announced a period of last comments on the extended MANRS BCOP abstract draft and to publish this as a RIPE document. We want to close the comments period in two weeks and move the draft further in the process to make it a RIPE document. Note that the draft is an abstract of the MANRS BCOP and references the full MANRS BCOP that includes examples and can be extended in the future. The MANRS extended abstract published as a RIPE document will be a stable document.
Best regards,
— Benno
On 8 May 2017, at 13:31, Andrei Robachevsky <robachevsky@isoc.org> wrote:
Hi,
The final version of the MANRS BCOP has been published on the MANRS website: https://www.manrs.org/bcop/. Both a PDF and an online versions are available.
However, to bring the bcop process to an official closure, chairs suggested that instead of publishing the MANRS BCOP as a RIPE document, that might be too constrained, we publish just an abstract. And once the BCOP global repository is in place, we can put it there in whatever format is most convenient.
I am attaching the abstract for your review and comments.
Regards,
Andrei <20170508-MANRS-BCOP-abstract.txt><20170508-MANRS-BCOP-abstract.docx>
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
On 17/05/2018 17:02, Benno Overeinder wrote:
Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics?
If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-) - Job
If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-)
with ipv4 run-out, this day will come
On 28/05/2018 14:53, Job Snijders wrote:
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
On 17/05/2018 17:02, Benno Overeinder wrote:
Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics? If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-)
- Job
I am not talking about a registered /25. I am talking about someone hijacking your /24 or your /21 by announcing a bunch of /25s. -Hank
On 28/05/2018 14:53, Job Snijders wrote:
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
On 17/05/2018 17:02, Benno Overeinder wrote:
Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics? If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-)
- Job
I am not talking about a registered /25. I am talking about someone hijacking your /24 or your /21 by announcing a bunch of /25s.Â
That shouldn't get far because they can't create the ROA. You SHOULD NOT filter all /25s (or /26s or /27s) as some of these have been assigned by RIPE NCC. Paul.
On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote:
On 28/05/2018 14:53, Job Snijders wrote:
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
On 17/05/2018 17:02, Benno Overeinder wrote:
Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics?
If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-)
I am not talking about a registered /25. I am talking about someone hijacking your /24 or your /21 by announcing a bunch of /25s.
I'm pretty sure the MANRS documentation suggests that you should not accept & propagate hijacked prefixes (regardless of prefix length). Kind regards, Job
Thank you all for the discussion and feedback.
From the email thread we conclude there are no principal objections and close the LC.
Best regards, Jan Zorz & Benno Overeinder On 29/05/2018 15:12, Job Snijders wrote:
On Tue, May 29, 2018 at 09:03:48AM +0300, Hank Nussbacher wrote:
On 28/05/2018 14:53, Job Snijders wrote:
On Thu, May 17, 2018 at 07:16:34PM +0300, Hank Nussbacher wrote:
On 17/05/2018 17:02, Benno Overeinder wrote:
Maybe I'm missing it when reading the website and the BCOP but where does it state to *not *allow /25 or more specifics?
If someone registers a /25, and announces it, and the RPKI ROA allows it, then what is the problem? :-)
I am not talking about a registered /25. I am talking about someone hijacking your /24 or your /21 by announcing a bunch of /25s.
I'm pretty sure the MANRS documentation suggests that you should not accept & propagate hijacked prefixes (regardless of prefix length).
Kind regards,
Job
-- Benno J. Overeinder NLnet Labs https://www.nlnetlabs.nl/
ExterNetworks Inc. is a <a href="http://www.extnoc.com/" target="_blank">managed it service providers </a>since 2001. We provide End-to-end solutions featuring Design, Deployment and 24/7 IT support. Battle-tested and performance-proven professionals down the street and around the world give us capacity that is unequalled. With offices around the world, more than 500 full-time employees and over 1000 field technicians, we deploy help and solutions in a hurry. Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
participants (6)
-
Benno Overeinder -
Hank Nussbacher -
Job Snijders -
Paul Hoogsteder -
ramya sri -
Randy Bush