Home page logo
/

nanog logo nanog mailing list archives

Re: So -- what did happen to Panix?
From: Todd Underwood <todd-nanog () renesys com>
Date: Fri, 27 Jan 2006 18:50:30 -0500



This is great for the planned changes, but real-time changes to
respond to Internet dynamics won't work well with such delays.  If you
are multi-homed to provide a backup, you would like for it to respond
more quickly than 4-72 hours, I'll bet.  So if you have PI space but not
your own AS, your backup route would look like a novel origination,
but you sure wouldn't want it delayed.

no.

the scheme that josh karlin has been advocating in pretty good bgp
involved only supressing a doubtful announcement when you have a
better, more trusted announcement.  it remains to be seen how hard
this would be to implement in existing systems of "build filters in
configs and push to routers".  this only works obviously well in
systems that centralize route selection and use routers only as
forwarding engines.  that might be a cool idea, but it's not what we
have now.

if you don't use the pgbgp scheme, you can still get the benefits of
being no worse than what we have now.  consider this just a different,
more automatic, more scalable, more secure way of building and
maintaing the prefix filter that we all are supposed to maintaining
already.

i'll be happy to talk to interested parties at nanog in dallas about
this (or almost anything else, expecially if you're buying).

t.

-- 
_____________________________________________________________________
todd underwood
chief of operations & security 
renesys - internet intelligence
todd () renesys com   www.renesys.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]