Home page logo
/

nanog logo nanog mailing list archives

Re: using IRR tools for BGP route filtering
From: Jeff Haas <jeffhaas () merit edu>
Date: Fri, 23 Jun 2000 15:39:23 -0400


On Fri, Jun 23, 2000 at 12:56:32PM -0500, Mark Borchers wrote:
Are there any plans to correlate route registry objects against 
address registry databases?  

Yes.  RFC 2725 - Routing Policy System Security.

This will provide an authorization mechanism for delegation of
objects.  This includes provisions for "unauhorized" (private)
data in the IRR - its simply tagged differently.

I believe that one of the roots of this thread is the need to validate
the legitimacy of not only routes, but registered route objects.  

Oh believe me, we know. :-)

Although it is too much to expect that route objects will match up
cleanly with address block assignments at the outset, performing 
such a correlation would at least identify the scope of the problem.

I've had some initial conversations with ARIN on getting SWIP information
published in RPSL format (as inet-num objects) minus the contact
information.  Now if someone has an idea for how to represent
allocation lengths for the IP registries in an inet-num object,
I think we can make a lot of people happy.

We will also be talking to RIPE and APNIC about this as work progresses.

Mark Borchers                 Splitrock Services

-- 
Jeffrey Haas - Merit RSng project - jeffhaas () merit edu



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]