North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Operational Issues with

  • From: Vadim Antonov
  • Date: Tue Dec 10 09:27:56 2002

On Tue, 10 Dec 2002, Stephen J. Wilcox wrote:

> > The better way of dealing with the problem of bogus routes is strong
> > authentication of the actual routing updates, whith key being allocated 
> > together with the address block.  Solves unused address space reclaimation 
> > problem, too - when the key expires, it becomes unroutable.
> Of course, who would maintain the key databases and do you mean every route
> would need a key with the central registrar or would it be carved up to eg
> authority on /8 level or lir level which could be /22s.. seems at some point you
> still have to go back to a central resource and if you dont have a single
> resource you make it complicated?

There's a big difference: address allocation (and key distribution) is
off-line, and is not involved in operation of the routing system.
Its failure doesn't cause network malfunction, just aggravation of new

OTOH, invalid RADB data can easily prevent network from operating, on a 
massive scale.