Skip to Content.
Sympa Menu

ren-routing-security - [REN-Routing-Security] Aug 16 Wrap Up: Routing Security WG

Subject: REN Routing Security

List archive

[REN-Routing-Security] Aug 16 Wrap Up: Routing Security WG


Chronological Thread 
  • From: Anita Nikolich <>
  • To: "" <>
  • Subject: [REN-Routing-Security] Aug 16 Wrap Up: Routing Security WG
  • Date: Mon, 20 Aug 2018 18:37:28 +0000
  • Accept-language: en-US
  • Authentication-results: internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=none action=none header.from=internet2.edu;
  • Ironport-phdr: 9a23:CBVrhRXZk/Q/Qs4Izea6C6tMGvrV8LGtZVwlr6E/grcLSJyIuqrYZRSGu6dThVPEFb/W9+hDw7KP9fy4BipYud6oizMrSNR0TRgLiMEbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpTEdFQ/iOgVrO+/7BpDdj9it1+C15pbffxhEiCCybL9uLhi6txndutULioZ+N6g9zQfErGFVcOpM32NoIlyTnxf45siu+ZNo7jpdtfE8+cNeSKv2Z6s3Q6BWAzQgKGA1+dbktQLfQguV53sTSXsZnxxVCAXY9h76X5Pxsizntuph3SSRIMP7QawoVTmk8qxmTgLjhiUaOD4j6GzZitJ+gr9HoByvpBJ/wpLbb46OOfVkYq/RYckXSXZdUstRUSFKH4Oyb5EID+oEJetVs4/9p1oSrRSkGAKiHOLvyjxPhn/y3K01z+QhGhzB0QM6GdIOsXfUrNLxNKcTTe+1zLLFzTTFb/NKxzj98o7IfQ49of2SR75/b9feyVQ2Gg7Dk16ep4vlPzaP2eQMtWiW9+tgVeSzi2E5sQFxpCagxtsyhoXTmI0a103E+CNky4g2Pd21UFB3bsS4HJdNsiyWKpZ6Tt4nTmFmtys21qEKtJu5cScUyJkr2hvSZvmZf4SU5h/vTOicLDRiiH54ZL6yiAy+/Vavx+DyTMW4zVJHoyldntnCqH8A1ADf582CR/Rh8Uqs2DiC2gXS5+5ZJU04iK/WJp0/zrMzipUetFnMEyDylUjyiqKda18q9fKy6+v9Z7Xrvp+cOJFwigH5KqkggtCyD+MkPgUORmSV9+Oy2bP68U3+W7pFkOc6kq7EsJDGPssbobO5AwlI3Yo58xa/FTCm0MgGknYbMFJFeRWHj47zN1HJPfD4EfO/g1OrkDdo3fzJIrrhApDVInjClrfuY6p95lZCxAUp0dxT+pdZBqwcLP7uX0LxutPVAgMlPwGxwevoFtVw2p4bVG+KHKOVLKffvUeN5u01IumMYIEVuCz6K/gg//Phl3k5mV4efamu2ZsXaWy3HvR9LkWYZ3rsnskOEX0MvgUgUOzmlkeOXiBOaHavR648/C00CJq6DYffQYCgmKaB0zm9HpFPfGBGDU2MEWvpd4WCVPcAcTmSLdF9nTwZT7ihSpMh1BG1uQ/+yrpnNfbU+jYGuZ751dh14fHTmg8o9TxyEcudz3+BQ3tqkWwVWj9llJx49AZnx1HGy69ln/1eGplI6vhUSAYmJLbdyfB3Edb/RliHc9uUAh7yWNigRCs2U84wxdBLeEt2Bs+jkgHr3iy2DqUTmqDRQpE47/SP8WL2IpNUzXfa3eEHjlohRspENSXyj6h+9A/XBoXJu0Sfi6uwc6kAhmjA+HrVnjnGh11RTAMlCfaNZnsYfEaD9Y6jtErfU7+jD6gmOQJdyMmEb7FHccDtkU4fHqexOdLCbni3lnvqQxuE2+DEYInrfjAb2yPQQAgBnhsI9HmLfQ45Gm+6om3YATAvcDCnY07l/eRk7n/uSEgywlKLaVFszby45kRTiPCBGLsf27ses3InrDN5VF+2w9PRDY+GoAxsGccUYd407Fpdk2zDsAkoP5q8Irpki0JENQl7ohDj
  • Spamdiagnosticoutput: 1:0

REN Routing Security Wrap Up Aug 16 2018 10 AM CT

Thank you for almost the entire working group attending the final meeting and giving some great input! Please tell me if I captured something incorrectly below. Thanks to so many of you for implementing or starting to implement MANRS.


Though this group wrapped up, don't forget there is an Internet2 Security Working Group. And don't forget the routing security workshop on Monday October 15th at Tech Exchange in Orlando. Finally, if you have any feedback or suggestions on routing security please email myself and/or Paul Howell.



Agenda:

1.      I2 update on MANRS and ARTEMIS.

       Internet2 in process of implementing #1-3 of MANRS by end of 2018.

       Developer of ARTEMIS (UCSD) has put in I2 as one of the early adopters of ARTEMIS as part of an NSF grant submission. If awarded, assistance in setting up would be funded by the grant.

2.      Input for NGI planning from both members and collaborators such as other NRENs. Desire to continue the group or merge with other groups (ie use the Security WG for this purpose) to provide input to NGI planning with regard to routing security & embedded security?


Feedback on call:

    1. Embed security into automation tools.
    2. Could updated prefix lists have some automation?
    3. If an I2 member joins MANRS, I2 should offer monitoring as a service for free as an incentive. BGPMON for example. Or RADB.
    4. How to incentivize MANRS submissions? Create a MANRS dashboard for I2 members. 
    5. The MANRS Observatory has good date. As more I2 members join, can extract peer pressure for others to join.
    6. RIPE has a BGP visualization tool that can pull stats – to shows if you comply with MANRS.
    7. Geant pushed it as part of doing best practice on a technical level. AARnet has been doing it for last 10 years! CENIC – good to have exec sponsorship to recognize the importance to carve out responsibilities!
    8. (Geant/Rick) What we are doing now is a snapshot in time for MANRS. What about an annual or bi-annual certification? (AARNET/Warrick) Best practices change often, so an iterative process.
    9. (CENIC/John Dundas) MANRS (ISOC) can provide an incentive if they published a list of who’s working on it and who's in process of implementing. Can I2 or ISOC show this on a webpage?

3.      Other hot topics from the community? What would you like to see at TechX?

    1. (Warrick) FlowSpec as a security tool to help with attacks.


Member MANRS status:

Any lessons learned from those who’ve implemented it? Things to share with the community?

GWU (Andrew) had push back from ISOC on quality of data in IRR. Feedback on RPSL from ISOC: ISOC not requiring it but would like to see it published. Quality of data in IRR is bad – 3rd party data not good.
Should ask ISOC that if you’re going to run an IRR data source that if you accept 3rd party data, you should treat as a customer. 

       ESnet (Dale) – longer term, deprecate non registry IRRs. What can community do? Speak louder with one voice as I2! Put pressure on them!


Member Status from Secure Routing WG:


GWU                     Yes

CAAREN               Yes

KANREN               Yes

SOX                        Stiill considering

OARnet                 MANRS #1-3 achievable - #4 not practical nor RPKI. May join as IXP. Might be first in US

CENIC                  By 2018. Pac Wave in negotiations.

UMichigan          TBD

NCREN/MCNC    Intent to do it– RPKI was a huge hurdle

MERIT                   In process.

CEN                        In progress. Fall completion.

WiscNet               Yes

ESnet                    Yes

Geant                   Yes

AARNET               Yes

SURFNET              Yes  (not in WG)

NORDUNet          Yes  (not in WG)

I2                            In progress

 

 

Routing Security WG Members: 

Andrew Gallo 

Brad Fleming 

Bob Stovall 

Bram Peeters 

Cas D'Angelo 

Dale Carder 

Eric Boyd 

John Dundas 

Mark Beadles 

Mark Johnson 

Michael Milliken 

Matt Valenzisi  

Rick Havern 

Ryan Kocsondy 

Warrick Mitchell  

Will Black 

 

 



  • [REN-Routing-Security] Aug 16 Wrap Up: Routing Security WG, Anita Nikolich, 08/20/2018

Archive powered by MHonArc 2.6.19.

Top of Page