Why are errors happening, and what to do?


Ad hoc process, intrinsic vulnerabilities
Example: Filtering is rarely (if ever) done correctly.                                       (ask me for a copy of recent analysis 
                               of bogon advertisements)
Solution: Automation; build validity into BGP (e.g., S-BGP).

Obscure mechanisms
Example: iBGP signaling partitions
Solution: Redesign intra-AS route propagation
                              (ask me for a copy of my proposal)

Indirect specification
Example: Incorrect implementation of information flow policies
Solution: Better configuration languages