RIPE 89 Routing Working Group Minutes
Date: Thursday, 31 October 14:00 - 15:30 (UTC+1)
Chairs: Ignas Bagdonas, Ben Cartwright-Cox, Paul Hoogsteder
Scribe: Tim Bruijnzeels
Status: Draft
1. Introduction
The presentation is available at:
https://ripe89.ripe.net/archives/video/1520
The chairs opened the meeting. Unfortunately, the planned talk by Job Snijders had to be cancelled due to sickness. Ben Cartwright-Cox invited all participants to rate the talks and participate in the meetecho poll for the new chair selection planned for the end of the session.
2. Agree to Disagree
Johann Schlamp, Leitwert
The presentation is available at:
https://ripe89.ripe.net/archives/video/1522
Johann Schlamp presented “Agree to Disagree” - on the current state of BGP parsing. This started with a minor headache related to weird routes that needed a closer look, which ended up in the implementation of a new MRT parser which was then compared to other MRT parsers in existence. Rather than advocating one “best” MRT parser, Johann focused on understanding the challenges in parsing and differences between parsers.
Tom Strickx, Cloudflare, asked what data sources were used for the analysis. Johann clarified that he used RIS, Routeviews and Packet Clearing House data collected on a single day for multiple days throughout the year.
Emile Aben, RIPE NCC, asked if Johann had an idea about how route collector projects could record capabilities. Johann said that he had several ideas, one of which would be to store table dumps, updates and peer capabilities separately with a timestamp and update them when needed, and suggested that he and Emile talk about this and other options offline.
Andrey Leskin, Qrator, asked how Johann tackled the parsing issues raised in his own parser implementation. Johann replied that there are hundreds of design decision points for parsers and that these are documented as comments in the code, but that ideally such decisions would be documented clearly to users in a standard way for different parsers.
3. RIPE RPKI Update
Tim Bruijnzeels, RIPE NCC
The presentation is available at:
https://ripe89.ripe.net/archives/video/1524
Tim Bruijnzeels presented “RIPE RPKI Update”. First, he gave an update on the RPKI dashboard that was recently deployed. Then he spoke about the SOC 2 Type I assurance report for the RIPE NCC RPKI service. The major part of the presentation focussed on a description of the RPKI processes and infrastructure. The presentation ended with a short overview of planned future work.
Silvan Gebhardt, Openfactory GmbH, asked for the RPKI Dashboard overview to not show any red text in case the number of issues to look at was 0.
Ben Cartwright-Cox, BGP tools, asked whether the RIPE NCC as part of their cloud strategy was considering moving the RPKI HSMs into the cloud. Tim responded that there are no plans to move the core RPKI infrastructure into the cloud and that the cloud (CDNs) is only used for public RPKI repository data.
Randy Bush, IIJ and Arrcus, thanked Tim and the RIPE NCC for the transparency.
Ignas Bagdonas asked what contingency is in place in case of issues with the offline Trust Anchor laptop or HSM. Tim responded that signing sessions are planned roughly 1 month before the manifest or CRL would expire, and that in case of a problem with the laptop or HSM new hardware can be set up in time.
Cynthia Revström, Iver, asked about the contingency plans for the backups, card and hardware in case of a calamity at the RIPE NCC office. Tim responded that it depends on the magnitude of the calamity: the hardware (laptop and HSM) is kept in the office, but the operator cards are kept by staff at home. So as long as the calamity is limited to the office location, the RIPE NCC can recover.
4. Bad Packets Come Back, Worse Ones Don’t
Petros Gigis, University College London
The presentation is available at:
https://ripe89.ripe.net/archives/video/1525
Petros Gigis presented “Bad Packets Come Back, Worse Ones Don’t”. He introduced a technique for distinguishing legitimate versus spoofed traffic that might indicate BGP hijacks, route leaks or suboptimal paths. The technique is based on dropping a small number of TCP packets on a closed-loop flow and is implemented by a proof of concept tool called “Penny”.
Alexander Azimov, Yango, asked for clarifications about the dropping of packets. Petros responded that only a small fraction of TCP packets are dropped in cases where traffic is considered suspicious, that precautions are taken to avoid TCP backoff and that SYN packets are not dropped.
Alexis Lemaire, cegedim.cloud, commented that spoofed IP TCP packets are normally seen in amplification attacks and not in closed loops. Petros clarified that the aim is to detect spoofed traffic on a possible closed loop flow, where the path is possible.
Yannis Nikolopoulos, cellmobile, asked “what if there is no incoming TCP traffic to drop?”. Petros replied that they thought about this in relation to QUIC, but the problem here is that packets are encrypted. He then indicated that a possible more aggressive approach could be to drop the first QUIC packet to force a TCP fallback.
5. Co-chair Replacement Election
The Routing-WG co-chairs
The presentation is available at:
https://ripe89.ripe.net/archives/video/1528
Paul Hoogsteder announced during RIPE 88 that he would step down as co-chair after the RIPE 89 Routing Working Group session. Before this session a call went out to the mailing list asking people to contact the current co-chairs if they were interested in joining as co-chairs. Two candidates stepped forward:
Antonios Chariton (Cisco)
Sebastian Becker (Deutsche Telekom AG)
Paul invited both candidates to present themselves to the working group and then asked the working group members to participate in the meetecho poll to express their preference during the next five minutes. After five minutes the result from the poll was announced: Antonios 31 and Sebastian 41. Sebastian was announced as the new Routing WG co-chair.