North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Routing Registries...

  • From: Bradley Reynolds
  • Date: Mon Feb 09 15:18:00 1998

> Exactly there is 3 types of the neighbours:
> - trusted (for example, I hope MCI should be trusted for everyone; you 
> can't build access filter for it);

Not according to two of the presentations at nanog.  Of course,
being too lazy to ask the question, I remained in my seat :).  
Anyways, both the IOPS proposal and origin authentication 
assume that you are going to be looking up a hefty
amount of routes against either an RR database or some
dns tree to validate that the information that you
are receiving is correct.  Caching or not, this is not 
a good way to go about solving the problem (if it even
exists on a large scale... Paul may have some information
about spammers doing this?)  

> - we get info from RIPE or some other DBA (usially it's some peers);
> - we maintain routing info ourself (customers and some small ISP here).

Generally, our response is to use the routing registries to 
build policy from the customer end (i.e. ensuring that 
our customers are doing the right thing).   That way, 
we will not be responsible for any prefixes injected into
the global routing table.  Our upstreams as well make some
attempt to verify that our information is correct (though
it may be only through as path access lists.  I think that this
is the best solution to the problems talked about today.  
Ensure that you are not the problem and eventually the 
clue factor will propogate around the network (though it
seems to have a really slow convergence time :).  If
everyone ensured that neither they nor their customers 
are responsible for the problems, the world would be that
much a better place.  I'll stop the idealistic crusade now, but
it would be nice..


brad reynolds
[email protected]