North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Has PSI been assigned network 1?
Hank, Enduser filtering (CERN) is in principle completely different from what we (might if not possible else) do: I am not supposed to filter anything between meetpoints and customers, because I agree to some people who pay for it to provide Internet access. I would filter nothing at all (curretnly do filter nothing), which does not mean that my suport hosts and networks are open. Filtering comes alo into place when customers want only access between certain networks, but in general NSPs/ISPs are not supposed to filter at all. Routing is different. We filter routing updates (not access filters) to accelerate BGP convergence. We filter what we announce to the outside world (of course not all the trash we get in). That is not that fast paced changing data since the provider-provider structure is rather stable. And we don't need to nacr for each small 2 node attachment either, so I see no big workload there. Why must the NACR process be so responsive? Mike On Thu, 20 Apr 1995, Hank Nussbacher wrote: > On Wed, 19 Apr 1995 18:49:39 -0400 you said: > >>telent info.ripe.net to test it out. > > > >RIPE database does not control the actual routing. > > > >I'm not sure the current RADB project has any mention > >of real-time updates of gated from the database. > `With dozens of updates we do every day it nearly as good > >as useless. > > CERN (as an example) picks up my routing updates daily and builds its > new access filter based on mine and others routing updates. I'm not > sure you want realtime updates to the actual routing. In any event, > it is an improvement over the time lag of NACR updates. > > >>It should be secure. > > > >>I use a password on all AS updates to AS378. > > > >You call *that* secure? We have way too many people who > >need to do changes for our AS-es. Check the contact > >list for AS1800. > > You can assign as many users as you wish to control specific ASs. > Currently it checks my email address and password. No match - > and the maintainer of the AS gets a warning mail about the attempt > to alter the routing within my AS - and I have gotten warning > e-mails already. Adding in PGP authentication should not be too > hard if it is not done already. > > >If i can't implement my existing policy, i cannot use RADB, ok? > > > >(Well, we _will_ use it -- to talk to people whose announcements > >are loaded with garbadge). We simply cannot use it to talk > >to major service providers because policies in place cannot > >be represented in RIPE-81. > > So speak to the authors and get it improved. > > >--vadim > > Hank > -------------------------------------------------------------------------------- Michael F. Nittmann [email protected] Network Architect [email protected] B3 Corporation, Marshfield, WI (CIX Member) (715) 387 1700 xt. 158 US Cyber (SM), Washington DC (715) 573 2448 (715) 831 7922 --------------------------------------------------------------------------------
|