North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: [doable?] peer filtering (was Re: Trusting BGP sessions)

  • From: Kurt Kayser
  • Date: Thu Nov 16 04:24:13 2000


On Wed, Nov 15, 2000 at 02:50:37PM -0800, Sean Donelan wrote:
> No I'm not suggesting basing it on what a provider is currently 
> advertising.  But rather on what the provider has registered and
> is authorized to announce.  The set of authorized routes may be
> the same or a superset of what the routes the provider is currently
> announcing.
> If you want asymetric routes, you can register and authorize traffic
> via either route; and then dynamically announce which route you want
> to use moment to moment.

How about not storing filter-information in configuration space, rather do
dynamic lookup via directory-lookups (that could driven by RPSL via LDAP ) ?
Since a BGP-update is done just near-real-time a split-second lookup would
certainly not delay the routing-table calculation, but rather provide a
centralized method to maintain policy information.

These things change anyway so fast that accuracy is difficult on daily update
basis. It would also allow very fast elimination of networks that do harmful
things (spam, DOS, etc..)

Kurt Kayser
noris network AG    / Kilianstrasse 142 \ 90425 Nuernberg
Tel. (0911) 9352-0 / Fax (0911) 9352-100 \ [email protected]