North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Using unallocated address space
On Thu, Feb 15, 2001 at 01:16:29PM -0800, [email protected] wrote: > > > Cool, speeding tickets for people with 10Gbps links in production today. > "if you route, don't drink. if you drink, don't route." > We don't need a "police force" per se as much as a functionary who, on > behalf of the paying membership of the registry, tries to establish > (e.g., with a phone call! or some email!) whether the announcement > is a question of simple, honest misconfiguration or misunderstanding, > or whether it's deliberate. Moreover, with another couple of > phone calls (or email), a deliberately bad announcer can talk with > the network(s) immediately upstream from a deliberate bad-announcer > and suggest that the membership as a whole would appreciate the > installation of strict filters against the bad announcer. > i agree that a setup as described here could have it's place.. i'm warning against the "hang `em high" attitude that was being proposed in earlier posts... that isn't to say i don't still have misgivings about such a system, just that your proposal seems much more sane. some sort of education and intervention system makes more sense than a blackhole for any perceived offense approach... > If that produces no results, rat out the source and its immediate > upstreams to the whole membership. > > | and the offending party will announce 32 /23s.. what will this solve? > > Great, so we know that the offending party is not only deliberately > announcing bogus data into the routing system, but actually _disrupting_ > it. This is what real-life police are for. > perhaps this example was a little disingenuous on my part.. perhaps a better example would be: what happens when people just announce 32 /23s instead of 2 /19s to make it harder to blackhole... indeed, if people are announcing the /23s right off the bat, it's harder to prove that they are being malicious(tho it might not be as hard to prove that they're idiots :-).. > Sean. On Fri, Feb 16, 2001 at 03:46:29PM +0100, Daniel Karrenberg wrote: > > In principle this is a good idea. However I suspect that the effort involved > in getting to the right people at the announcing AS and/or their up-stream > peers is "not negligible". So this can easily become a serious effort. > i agree, as the "right people" in this case would not only have to be good network engineers, but also good at communicating with others AND relatively immune to politics.... > As a person somehow connected to the registry system ;-) I would be interested > to hear privately from ISPs whether they would like such a service and > -more importantly- whether they would be prepared to put procedures in place > by which the registries can reliably reach knowledgeable routing engineers > that have the task of tracking down such problems as well as the resources and > authority to do so. > i think for something like this to work well, it would have to be somewhat separate from the individual registries... > Daniel michael -- e: [email protected] c: +1.614.260.6716 u: www.ele-mental.org Wir fahr'n fahr'n fahr'n auf der Autobahn
|