North American Network Operators Group
Title: RE: [doable?] peer filtering (was Re: Trusting BGP sessions)

If I'm understanding, Sean's suggesting a two-tier system:

1) Providers tell each other, in an administratively-verifiable manner, what routes they have authorization to announce;
2) From moment to moment, the routes that come in across BGP are filtered on a provider-by-provider basis against the information that was shared in the administratively-verifiable manner.

The 'administratively verifiable manner' could be a registry, or it could be an automated mailing list that all network operators could subscribe to that required digital signatures on each update, or it could be anything else. The simplest form would be a registry that only accepted secure updates from the people authorized to update their part of it, and a registry oversight that ensured compliance with Internet and legal policy. (i.e., "No one is allowed to advertise routes through their network to other networks unless they have a routing or peering relationship with the other networks in question." and, "Routing and peering relationships between networks shall be noted in this registry.")

My personal belief is that there needs to be one person at each network operations center who knows (and is told) everything about what's going on related to this, and should have a large percentage of his/her time blocked out to "Maintaining Internet Routing Relationships" -- and that it should become a matter of course that if this function is not performed properly, that tertiary and carrier networks should not be held responsible for filtering out any routing based on 'stale data' (in this case, we could define 'stale data' to be 28 days old, or some arbitrary number). This would require, of course, the ability for a 'registry refresh' command to be issued by an organization's Routing Liaison to update the last-checked times for -all- entries owned by that organization. It would also require the ability for that title to arbitrarily change hands.

(The larger issue is, "can a Registry be created such that it is easy enough to use that people will be willing to use it, that it is responsive enough to advertise changes in a quick manner, that is flexible enough to understand and take action on all the non-standard problems that people will come up with, and which is able to be legally and contractually bound to perform those duties in an accountable fashion?")

-Mat Butler

-----Original Message-----
No I'm not suggesting basing it on what a provider is currently
If you want asymmetric routes, you can register and authorize traffic
On Wed, 15 November 2000, "Bora Akyol" wrote:
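Added example, not part of the thread or of any registry software: a Python sketch of the two-tier scheme summarized in Mat Butler's message, checking each announcement per provider against registered routes, treating entries older than 28 days as stale, and applying a 'registry refresh' to all of one organization's entries. The class and function names, the provider labels, the documentation prefixes, and the rule that a more-specific prefix inside a registered one is covered are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network

STALE_AFTER = timedelta(days=28)  # the message's example threshold for 'stale data'

@dataclass
class Entry:
    provider: str           # organization that registered the route (hypothetical label)
    prefix: str             # route the provider is authorized to announce
    last_checked: datetime  # last time the Routing Liaison confirmed the entry

class Registry:
    def __init__(self, entries):
        self.entries = list(entries)

    def refresh(self, provider, now):
        """'Registry refresh': update last-checked on ALL entries owned by provider."""
        owned = [e for e in self.entries if e.provider == provider]
        for e in owned:
            e.last_checked = now
        return len(owned)

    def check(self, provider, prefix, now):
        """Classify an announcement received from provider:
        'accept', 'stale' (registered but not re-checked in time) or 'unregistered'."""
        announced = ip_network(prefix)
        verdict = "unregistered"
        for e in self.entries:
            registered = ip_network(e.prefix)
            if e.provider != provider or announced.version != registered.version:
                continue
            # Assumption: an equal or more-specific prefix counts as covered.
            if announced.subnet_of(registered):
                if now - e.last_checked <= STALE_AFTER:
                    return "accept"
                verdict = "stale"
        return verdict

def sample_registry(now):
    """Constructed sample data: documentation prefixes and private-use provider labels."""
    return Registry([
        Entry("AS64500", "192.0.2.0/24", now - timedelta(days=3)),
        Entry("AS64501", "198.51.100.0/24", now - timedelta(days=40)),
    ])

if __name__ == "__main__":
    now = datetime(2000, 11, 15)
    reg = sample_registry(now)
    for provider, prefix in [("AS64500", "192.0.2.0/24"), ("AS64501", "192.0.2.0/24"),
                             ("AS64501", "198.51.100.0/24")]:
        print(provider, prefix, reg.check(provider, prefix, now))
```
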