This article is the last of a three-part series where I compare and contrast the IRR and SIDR security models as well as discuss how we can get closer as an industry to securing the Internet’s routing system. It was first published on the APNIC blog . APNIC (Asia Pacific Network Information Centre) is an open, membership-based, not-for-profit organization. It is one of five Regional Internet Registries (RIRs) charged with ensuring the fair distribution and responsible management of IP addresses and related resources.
This article is the last of a three-part series where I compare and contrast the IRR and SIDR security models as well as discuss how we can get closer as an industry to securing the Internet’s routing system. It was first published on the APNIC blog. APNIC (Asia Pacific Network Information Centre) is an open, membership-based, not-for-profit organization. It is one of five Regional Internet Registries (RIRs) charged with ensuring the fair distribution and responsible management of IP addresses and related resources.
In Part 2 of this series, I outlined the weaknesses of the IRR model. Here’s what I think we need to do to avoid those shortcoming in the SIDR model. When we worked on the IRR model, most invalid announcements, despite the great harm they caused, were accidental mistakes. Security incidents are becoming more frequent and definitely much more malicious. However, it is easy to look at these incidents as “somebody else’s problem.” That is until you are the one being attacked and it is too late at that moment to secure it. Hence, we must act and secure the Internet’s the routing now.
I am disappointed to say I don’t have a recipe for success. I can only provide our insight and several trade-offs. As I mention in both of my previous articles in this series, we are not simply dealing with a technical challenge but with economic and social challenges as well. I hope this entry helps address some of the social challenges by raising awareness of the importance of securing the Internet’s routing.
Andrei Robachevsky at ISOC and others are taking on the social challenge big time. He is bringing operators together and asking them to sign a routing manifesto known as The Mutually Agreed Norms for Routing Security (MANRS). Andrei, in his APRICOT talk, states that by participating in MANRS, a service provider commits to best practices such as: preventing propagation of incorrect BGP routing information; preventing traffic with spoofed source IP addresses; and agreeing to coordination and collaboration among participants by keeping their contact information and policy objects accurate in registries.
He has already signed up tens of service providers around the globe to participate and is looking for more. Both he and I hope that the more service providers sign up, the more adoption will accelerate.
Regional and local registries have been big advocates of deploying security models as well. They provide tutorials on the subject during network operators meetings such as APRICOT, APNIC, RIPE, and NANOG. These materials are also available online.
On the economic front, if we are dealing with the “tragedy of the commons” phenomena that I mentioned in Part 2, do we need regulation? Or can we get to the critical mass with social advocating and arm-twisting? The Internet does not have a central governing body to do any regulation (though some international organizations are seeking this authority). Regulation often slows down innovation; and because of this I rather avoid it. However, either we will reach critical deployment of a security model, or we will reach a critical number of malicious attacks. If we reach the latter first, I suspect regulation might be on our horizon!
Personally, I would like to see the SIDR model succeed. The IRR model is 20 years old now, making it older than the World Wide Web. It has not been adopted well and is full of stale data. However, the SIDR model’s success relies on the feasibility of running BGPSec in routers. Some worry about the cryptographic computational needs of running BGPSec and still consider the IRR model as the viable alternative. I would like to see if the issues around BGPSec can be fixed before we do that. If we cannot fix them, we need to see if we can perhaps build a hybrid model or if we need to enhance the IRR model to bring it to the 21st century.