North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
At 15:02 15/11/00, Kevin Oberman wrote: >Since Sprint and UUnet don't seem to be willing to provide information >in the IRR to allow us to generate access-lists/policies, and not >peering with these folks would be a Bad Idea(tm), so we can't quite >filter everyone. (If I could figure out a way to get them to register, >I'd have fun trying, though.) Excellent point. The main deployment limitation of any of the schemes proposed for enhanced authentication of prefix advertisements appears to be the unwillingness of certain major ISPs to provide authenticated information about which prefixes that service provider claims to be providing service for. The Routing Registries would be one way to make that data available, however the folks who don't want to participate in the RRs also seem uncomfortable providing the same data via some other method that can be authenticated. Offhand, I don't know which service providers have this reluctance. Its clear that at least some major service providers do have such a reluctance. Until resolved, this will be a significant deployment hindrance for better methods (e.g. S-BGP or the other proposed approaches) of protecting against inaccurate/false/accidental prefix advertisements. Sigh. Ran [email protected] DISCLAIMER: Speaking for myself here, not my employer. Flames to /dev/null please.