NTAC Peering Working Group

[Karl Newell <>]

Good points David and Michael.  They remind me of part of the discussion we 
had during the WG meeting at TechEx.  While most agreed with efforts on this 
front, they also felt that the connectors are the best place for 
implementation.  So how do we foster that?  What can Internet2 do to help?  
Getting back to Grover’s suggestion to turn on uRPF and log, we can use that 
data to inform the community.  There was also discussion of something like 
the I2 Innovation Platform but for security; connectors that commit agree to 
BCP38/uRPF, RPKI, and there was mention of a third item but I don’t recall 
what it was.  Would people support this effort and sign on?

Karl

--
Karl Newell
Cyberinfrastructure Security Engineer
Internet2
520-344-0459

On 11/6/17, 9:17 AM, 
"
 on behalf of Michael H Lambert" 
<
 on behalf of 
>
 wrote:

    > On 6 Nov 2017, at 10:54, David Farmer 
<>
 wrote:
    > 
    > So a question, how do we communicate this going forward as we interact 
with more and more people? I'm worried some will just see this as an effort 
to apply a traffic security policy on the Internet2 backbone. 
    
    I think the primary targets/victims/beneficiaries of this process should 
be the connectors.  To me, it makes much more sense for them to be filtering 
their members on ingress, especially since BCP38 does tend to crop up in 
various NSF solicitations.  If Internet2 does the filtering, it can hide 
these downstream issues.  It is appropriate for Internet2 to identify 
"offending" traffic, but once it has been identified, the connector should be 
encouraged/cajoled/shamed to fix the problem.
    
    International peers are another matter.  One would hope that they would 
have similar policies.
    
    Michael