Home page logo

nanog logo nanog mailing list archives

Re: So -- what did happen to Panix?
From: Michael.Dillon () btradianz com
Date: Mon, 6 Feb 2006 09:43:57 +0000

Other networks have no such incentive, since their transit providers 
and peers either build their filters in other ways, or don't filter 
at all.

There is nothing wrong with building your filter in
some other way, however, that does not mean that you
cannot validate your filters against the IRR and take
some action on mismatches. For instance you could email
the prefix owners about the mismatch and ask them to
update the IRR.

Wherever there is a lack of incentive to keep records accurate, we 
can probably safely assume that they are either missing or stale.

Yes. Without regular validation or auditing of data,
it does not stay up to date.

It's probably fair to say that if all the large, default-free 
carriers insisted that their customers submitted their routes to the 
IRR, then every route would be registered. This would not completely 
address the problem of stale data, though.

It's a good start. Perhaps if we decouple the idea of an IRR
from "building filters" more people will see the usefulness
of a distributed repository of information against which
they can validate (cryptographically or otherwise) their
routing data.

Right now the secure BGP protocols require a network to
climb the hurdles of cryptographic certification in order
to participate. A revised and renewed IRR can lower that
barrier so that people can participate even before they
implement cryptographic signing and certification.

The IRR is a loosely-connected collection of route registries, all 
run by different people. Data originating in one database is 
frequently found to be mirrored in other databases, but not in any 
great systematic fashion.

If the networking community can't solve the problem
of managing the distributed route registries in a systematic
fashion, then how can it implement one of the secure BGP proposals?

--Michael Dillon

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]