North American Network Operators Group

Re: So -- what did happen to Panix?

  • From: Josh Karlin
  • Date: Fri Jan 27 09:50:08 2006

> Wouldn't a well-operated network of IRRs used by 95% of
> network operators be able to meet all three of your
> requirements?
>
> -certified prefix ownership
> -certified AS path ownership
> -dynamic changes to the above two items
>
> It seems to me that most of the pieces needed to do
> this already exist. RPSL, IRR software, regional
> addressing authorities (RIRs). If there are to be
> certified AS paths in a central database this also
> opens the door to special arrangements for AS path
> routing that go beyond peering, i.e. agreements with
> the peers of your peers.


Hasn't that been said for years? Wouldn't perfect IRRs be great? I
couldn't agree more. But in the meanwhile, why not protect your own
ISP by delaying possible misconfigurations? Our proposed delay does
*not* affect reachability: if the only route left is suspicious, it
will be chosen regardless. If you are changing providers, which takes
a while anyway, just advertise both for a day and you have no problems.
Or, if you are concerned about speed, simply withdraw one and the new
one will have to be used. If you are anycasting the prefix and a new
origin pops up that your view has not seen before, then you might have
a temporary load balance issue, but there is absolutely no guarantee
of what routers many hops away from you will see anyway.

Josh
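
The delay described in the message above, sketched as an added example (not part of the original post and not any router's implementation): a route whose origin AS is new for a prefix is ranked below known origins for an assumed 24-hour window, yet is still selected when it is the only route left. The class and function names, the documentation prefix and the ASNs are constructed for illustration.

```python
from dataclasses import dataclass, field

SUSPICIOUS_WINDOW = 24 * 3600  # assumption: "a day", in seconds

@dataclass(frozen=True)
class Route:
    prefix: str
    origin_as: int
    path_len: int

@dataclass
class DelayedOriginSelector:
    first_seen: dict = field(default_factory=dict)  # (prefix, origin) -> time
    rib: dict = field(default_factory=dict)         # prefix -> {origin: Route}

    def seed_known(self, prefix, origin_as):
        # Origins already in the router's history are never suspicious.
        self.first_seen[(prefix, origin_as)] = float("-inf")

    def announce(self, route, now):
        self.first_seen.setdefault((route.prefix, route.origin_as), now)
        self.rib.setdefault(route.prefix, {})[route.origin_as] = route

    def withdraw(self, prefix, origin_as):
        self.rib.get(prefix, {}).pop(origin_as, None)

    def is_suspicious(self, route, now):
        seen = self.first_seen[(route.prefix, route.origin_as)]
        return now - seen < SUSPICIOUS_WINDOW

    def best(self, prefix, now):
        routes = self.rib.get(prefix, {}).values()
        # Known origins sort first, then shortest AS path. A suspicious route
        # is only deprioritized, never dropped, so reachability is preserved.
        return min(routes, key=lambda r: (self.is_suspicious(r, now), r.path_len),
                   default=None)

def demo():
    s, p = DelayedOriginSelector(), "192.0.2.0/24"    # constructed sample data
    s.seed_known(p, 64500)
    s.announce(Route(p, 64500, 4), now=0)
    s.announce(Route(p, 64511, 2), now=100)           # new origin, shorter path
    during = s.best(p, now=200).origin_as             # known origin still wins
    s.withdraw(p, 64500)
    only_left = s.best(p, now=300).origin_as          # suspicious but only route
    s.announce(Route(p, 64500, 4), now=400)
    after = s.best(p, now=100 + SUSPICIOUS_WINDOW).origin_as  # window expired
    return during, only_left, after
```
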