North American Network Operators Group

Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
On Thu, 16 Nov 2000, Kurt Kayser wrote:

> Hi,
>
> On Wed, Nov 15, 2000 at 02:50:37PM -0800, Sean Donelan wrote:
> >
> > No, I'm not suggesting basing it on what a provider is currently
> > advertising. But rather on what the provider has registered and
> > is authorized to announce. The set of authorized routes may be
> > the same as or a superset of the routes the provider is currently
> > announcing.
> >
> > If you want asymmetric routes, you can register and authorize traffic
> > via either route; and then dynamically announce which route you want
> > to use moment to moment.
>
> How about not storing filter information in configuration space, rather do
> dynamic lookup via directory lookups (that could be driven by RPSL via LDAP)?
> Since a BGP update is done just near-real-time, a split-second lookup would
> certainly not delay the routing-table calculation, but rather provide a
> centralized method to maintain policy information.
>
> These things change so fast anyway that accuracy is difficult on a daily update
> basis. It would also allow very fast elimination of networks that do harmful
> things (spam, DOS, etc.)
>
> Kurt Kayser
> --
> noris network AG / Kilianstrasse 142 \ 90425 Nuernberg
> Tel. (0911) 9352-0 / Fax (0911) 9352-100 \ [email protected]

How do you suppose the router is going to be able to get to the database server? It has to have a route to the database server, and until it does, it cannot even verify that it should accept that route.

---
John Fraizer
EnterZone, Inc
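The bootstrapping dependency raised in this reply, as an added example that is not part of the original thread: a toy router that checks announcements against registered routes through a directory lookup and fails closed while the directory is unreachable. The AS numbers, prefixes, directory server address and the locally configured static filter are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes and private-use AS numbers.
# REGISTERED stands in for the directory's contents (what each peer has
# registered and is authorized to announce).
REGISTERED = {
    64500: {"192.0.2.0/24", "198.51.100.0/24"},
    64501: {"203.0.113.0/24"},
}
DIRECTORY_SERVER = ipaddress.ip_address("203.0.113.10")  # hypothetical address


class Router:
    def __init__(self, static_filters=None):
        # static_filters: {peer_as: {prefix, ...}} held in local configuration
        self.static_filters = static_filters or {}
        self.rib = []  # prefixes accepted so far

    def directory_reachable(self):
        # A lookup is only possible once an accepted route covers the server.
        return any(DIRECTORY_SERVER in net for net in self.rib)

    def receive(self, peer_as, prefix):
        net = ipaddress.ip_network(prefix)
        key = str(net)
        if key in self.static_filters.get(peer_as, ()):
            verdict = "accept-static"
        elif not self.directory_reachable():
            verdict = "reject-no-directory"  # fail closed: cannot verify
        elif key in REGISTERED.get(peer_as, ()):
            verdict = "accept-registered"  # exact match on a registered route
        else:
            verdict = "reject-unregistered"
        if verdict.startswith("accept"):
            self.rib.append(net)
        return verdict


def replay(router, updates):
    return [router.receive(asn, pfx) for asn, pfx in updates]


# Constructed update sequence: (peer AS, announced prefix)
UPDATES = [
    (64501, "203.0.113.0/24"),  # covers the directory server
    (64500, "192.0.2.0/24"),    # registered to this peer
    (64500, "203.0.113.0/24"),  # registered to a different AS
]

if __name__ == "__main__":
    print(replay(Router(), UPDATES))
    print(replay(Router({64501: {"203.0.113.0/24"}}), UPDATES))
```

With no static entry the router never accepts anything, because the route it needs to reach the directory is itself waiting on a lookup; one locally configured filter for the directory's prefix breaks the cycle.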