North American Network Operators Group
Re: route ingress
At 04:13 PM 12/30/97 -0800, Vadim Antonov wrote:
>> filters are your friend. filters are your friends' friend.
>
>Yes, but centralized database is not the answer. For one, it
>is liable to be screwed up completely from time to time (that much,
>InterNIC experience shows us). It is expensive to maintain; and
>the problem of accuracy of the information within is quite acute.
>The political implications of a centralized agency are even worse;
>I do not think we want a replay of the domain name debate.
>
>The only real solution is strong cryptographical authentication of
>the ownership of routing prefixes. For some reason I do not see
>any serious work in that direction being done.
>
>For now, it may be a good idea for tier-1 providers to adhere to a
>procedure similar to that used (or used to be used) by Sprint: no
>customer routing information is accepted before customer's border
>box configuration passed inspection by Sprint staff. No-nos included
>unfiltered redistribution of IGP into BGP and lack of anti-transit AS-path
>filters.

Vadim,

Your policy above is unwise from the perspective that it seems to believe that configuration errors are a one-time problem. A more reasonable policy is to help your customers learn how to set up filters properly, and then filter heavily on /your/ router to make certain that no matter what they do they can't affect either your internal or external routing.

**************************************************************
Justin W. Newton                        voice: +1-650-482-2840
Senior Network Architect                fax: +1-650-482-2844
PRIORI NETWORKS, INC.                   http://www.priori.net
Legislative and Policy Director, ISP/C  http://www.ispc.org
"The People You Know. The People You Trust."
**************************************************************
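
The provider-side ingress filter this thread argues about, sketched as an added example that is not part of either message: every announcement on a customer session is checked against that customer's prefix list and an anti-transit AS-path rule, so a customer misconfiguration is rejected at the provider's edge. The ASN, prefixes, length limit and announcements are constructed (documentation and private-use ranges), and the policy model is an assumption.

```python
import ipaddress

# Constructed per-customer policy, held on the provider's router side.
CUSTOMER_AS = 64500
ALLOWED = [ipaddress.ip_network("192.0.2.0/24"),
           ipaddress.ip_network("198.51.100.0/24")]
MAX_LEN = 24  # refuse anything more specific than this


def check(prefix, as_path):
    """Return (accepted, reason) for one announcement from the customer."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    if not as_path or as_path[0] != CUSTOMER_AS:
        return False, "first AS is not the customer"
    # Anti-transit: only the customer's own AS (prepends allowed) may appear.
    if any(asn != CUSTOMER_AS for asn in as_path):
        return False, "foreign AS in path (transit leak)"
    if net.prefixlen > MAX_LEN:
        return False, "more specific than allowed"
    if not any(net.version == a.version and net.subnet_of(a) for a in ALLOWED):
        return False, "prefix not assigned to customer"
    return True, "ok"


def filter_session(announcements):
    """Split a batch of (prefix, as_path) into accepted and rejected lists."""
    accepted, rejected = [], []
    for prefix, path in announcements:
        ok, reason = check(prefix, path)
        (accepted if ok else rejected).append((prefix, reason))
    return accepted, rejected


# Constructed announcements: two valid, three typical customer mistakes.
SAMPLE = [
    ("192.0.2.0/24", [64500]),            # valid
    ("198.51.100.0/24", [64500, 64500]),  # valid, with prepending
    ("10.1.0.0/16", [64500]),             # IGP redistributed into BGP
    ("203.0.113.0/24", [64500, 64511]),   # customer re-announcing transit
    ("192.0.2.0/25", [64500]),            # unapproved more-specific
]

if __name__ == "__main__":
    for prefix, reason in filter_session(SAMPLE)[1]:
        print("rejected", prefix, "-", reason)
```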