mailing list archives
Re: AS8584 taking over the internet
From: Joe Provo - Network Architect <jprovo () ultra net>
Date: Thu, 9 Apr 1998 22:44:50 -0400 (EDT)
I believe that the implication was that: 1) they're not directly
connected to any of the major _US_ backbones, and 2) they're on the
other end of a fairly thin hose.
And they can _still_ hose things this badly.
This speaks not well of the architecture involved.
No, no, it speaks _well_ for the architecture - equal opportunity
hosage! There is no backone-hasage cabale; all that enter into bgp
relationships can have a shot at hurting the net...
- yes, filters are Good. customers, especially if new to complicated
things, should have both as-path and prefix filters placed against
them. the questions to ask oneself regarding peers is "how clueful
are they, really? and do their procedures allow only these clueful
into the boxes? am I willing to tie my performance/reliability/
reputation to theirs in this intimate a fashion? are my bosses
willing to do so? " People like to think in terms of the first
question, not the last two.
- yes, the IRR is good (and yes, their PGP implementation works);
giving third parties the ability to verify your organization's
"routing intent" cannot be construed as bad -- the data is publicly
visible. there's nothing to hide.
- yes, filtering doesn't mean not pushing IRR (or other forms of
distributed data) on folks. IRR (or ...) doesn't mean not trying
to more closely tie authentication/verification vs realtime; present
tools are config-only, which aren't dynamic enough for the real net.
- Re: AS8584 taking over the internet, (continued)