Home page logo
/

nanog logo nanog mailing list archives

Re: So -- what did happen to Panix?
From: Josh Karlin <karlinjf () cs unm edu>
Date: Fri, 27 Jan 2006 07:46:52 -0700


Wouldn't a well-operated network of IRRs used by 95% of
network operators be able to meet all three of your
requirements?

-certified prefix ownership
-certified AS path ownership
-dynamic changes to the above two items

It seems to me that most of the pieces needed to do
this already exist. RPSL, IRR softwares, regional
addressing authorities (RIRs). If there are to be
certified AS paths in a central database this also
opens the door to special arrangements for AS path
routing that go beyond peering, i.e. agreements with
the peers of your peers.


Hasn't that been said for years?  Wouldn't perfect IRRs be great?  I
couldn't agree more.  But in the meanwhile, why not protect your own
ISP by delaying possible misconfigurations.    Our proposed delay does
*not* affect reachability, if the only route left is suspicious, it
will be chosen regardless.  If you are changing providers, which takes
awhile anyway, just advertise both for a day and you have no problems.
 Or, if you are concerned about speed, simply withdraw one and the new
one will have to be used.  If you are anycasting the prefix and a new
origin pops up that your view has not seen before, then you might have
a temporary load balance issue, but there is absolutely no guarantee
of what routers many hops away from you will see anyway.

Josh


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]