North American Network Operators Group

Re: Yahoo outage summary

  • From: Jared Mauch
  • Date: Mon Jul 09 17:17:44 2007

On Mon, Jul 09, 2007 at 04:50:56PM -0400, Joe Abley wrote:
> 
> 
>  On 9-Jul-2007, at 16:13, Jared Mauch wrote:
> 
> > 	Some have automated systems, but they're dependent on IRR data
> > being correct.  There are even tools to automate population of IRR data.
> 
>  Building customer filters from the IRR seems like it should fall in the 
>  "easy" bucket, given how long people have been doing it, and for how long. 
>  It's the lack of a way to trust the data that's published in the IRR that 
>  always seems to be the stumbling block.

-- snip --

>  So, if you consider some future world where suitably 
>  machine-readable repositories of number resources (e.g. IRRs) are combined 
>  with machine-verifiable certificates affirming a customer's right to use 
>  them, how far out of the woods are we? Or are we going to find out that the 
>  real problem is some fundamental unwillingness to automate this stuff, or 
>  something else?

	It's that some folks feel entitled to announce routes without
registering them.  Take ANS vs Sprintlink as the classic example.  Not
much has changed since then.  Nor have the tools evolved significantly.

	Some vendors still don't get router configuration from tools yet.
Try to automate something and it's not easy or impossible.  Even the
best solutions on the market have some problems when you feed it an 8+Meg
config.  It takes a lot of CPU time to process that much.

	There really need to be some (ick, ignore that I suggested this)
Web 2.0 IRR tools.  Something that can smartly populate an IRR or
IRR-like dataset.  Something that can be taught to 'learn' what is
reasonable.  I've seen some cool things that show promise (e.g. Pretty
Good BGP), but there's always some interesting drawback.

	Plus, as Patrick said earlier (and I generally agree), these
types of "attacks" are rare and usually short-lived.  Even those
like the Panix situation didn't last very long.  Perhaps it's not as
important to think about now.


	- Jared

-- 
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
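
The thread's point that IRR-built customer filters are only as good as the registered data, as an added example that is not part of the original message or of any tool mentioned in it. The route objects, ASNs, registry name, function names and the /24 length limit are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: RPSL-style route objects using documentation prefixes
# and private-use ASNs; "EXAMPLE" is a made-up registry name.
IRR_DUMP = """\
route:      192.0.2.0/24
origin:     AS64500
source:     EXAMPLE

route:      198.51.100.0/24
origin:     AS64500
source:     EXAMPLE

route:      203.0.113.0/24
origin:     AS64501
source:     EXAMPLE
"""

def parse_routes(text):
    """Return (network, origin) pairs from blank-line separated route objects."""
    routes = []
    for obj in text.strip().split("\n\n"):
        attrs = {}
        for line in obj.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), value.strip())
        if "route" in attrs and "origin" in attrs:
            net = ipaddress.ip_network(attrs["route"])
            routes.append((net, attrs["origin"].upper()))
    return routes

def build_filter(routes, customer_asns):
    """Prefixes a provider would permit from a customer with these origin ASNs."""
    return sorted(net for net, origin in routes if origin in customer_asns)

def accepts(prefix, origin, routes, customer_asns, max_len=24):
    """True if a registered route object of this customer origin covers the
    announcement. max_len (assumed policy) rejects overly specific prefixes."""
    net = ipaddress.ip_network(prefix)
    if origin not in customer_asns or net.prefixlen > max_len:
        return False
    return any(o == origin and net.subnet_of(r) for r, o in routes)
```

The filter rejects an announcement that has no matching route object, and it accepts whatever the registry says, so an incorrect route object widens the filter just as silently as a correct one.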