
Re: [RRG] getting rid of longest match



I agree with Danny.

Most large ISPs are fairly good about maintaining ACL/Prefix-lists that
only allow their customers to advertise routes for space that is correctly
swipped to them.  They know who their customer is. They know to what
company the bill is sent.  They can easily verify the name of the company
(or end user) matches the swip record for the handful of routes the
customer advertises.

On Peering links the list is too large and changes too often, and usually
includes downstream customer ASes, and their customers and so on...  As a
result it is often difficult to validate this information and manage it.

If you want to fix this problem, ensure that all routes, the ASes that
have the right to originate those routes, and the relationship between
ASes are documented in some authoritative way, by someone who has a
relationship with the AS and can verify the accuracy before any changes
are made to the data.  

This can either be managed by the RIRs, which may be problematic due to
the excessive amount of time and cost involved in acquiring, verifying,
and keeping this data up to date, or by each and every transit provider,
which may be a problem if not all transit providers choose to set up an
Internet Routing Registry, or they do not all have the same level of
security and authentication.  

Furthermore, not only does the information need to be accurate, but you
have to actually get the transit providers to use this information to
build ACLs/Prefix-lists on Peering points.  

__Jason



==========================================================================
Jason Schiller                                               (703)886.6648
Senior Internet Network Engineer                         fax:(703)886.0512
Public IP Global Network Engineering                       schiller@uu.net
UUNET / Verizon                         jason.schiller@verizonbusiness.com

The good news about having an email address that is twice as long is that
it increases traffic on the Internet.

On Mon, 25 Feb 2008, Danny McPherson wrote:

> The problem here is simply that of a reliable authenticated
> authoritative data source for who owns what - AND operators
> employing that to define routing policies.  If protocols like SBGP
> or soBGP want to build upon that and actually get some traction
> in deployment, great, but the egg here [1] is the data source that
> still doesn't exist.
> 
> [1] http://www.cnn.com/2006/TECH/science/05/26/chicken.egg/
> 
> -danny
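
Added example, not part of the original messages: a sketch of how a prefix-list for a peering link could be derived from the kind of data the reply above calls for (routes, the ASes entitled to originate them, and the relationships between ASes). The registry contents, the documentation-range prefixes and ASNs, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed registry data (documentation prefixes and ASNs, not real records).
ROUTES = {  # (prefix, AS documented as entitled to originate it)
    (ipaddress.ip_network("192.0.2.0/24"), 64496),
    (ipaddress.ip_network("198.51.100.0/24"), 64497),
    (ipaddress.ip_network("203.0.113.0/24"), 64499),
}
CUSTOMERS = {  # provider AS -> its documented direct customer ASes
    64500: {64496, 64501},
    64501: {64497},
}

def customer_cone(asn):
    """The AS itself plus every AS reachable by following customer links."""
    cone, stack = set(), [asn]
    while stack:
        current = stack.pop()
        if current not in cone:  # guards against loops in the relationship data
            cone.add(current)
            stack.extend(CUSTOMERS.get(current, ()))
    return cone

def build_prefix_list(peer_asn):
    """Registered (prefix, origin) pairs whose origin lies in the peer's cone."""
    cone = customer_cone(peer_asn)
    return {(net, origin) for net, origin in ROUTES if origin in cone}

def accept(prefix_list, peer_asn, prefix, as_path):
    """Accept only exact registered prefixes reached over documented links."""
    # Collapse AS-path prepending so repeated ASNs count as one hop.
    path = [a for i, a in enumerate(as_path) if i == 0 or a != as_path[i - 1]]
    if not path or path[0] != peer_asn:
        return False
    # Every hop must be a documented provider -> customer relationship.
    if any(b not in CUSTOMERS.get(a, ()) for a, b in zip(path, path[1:])):
        return False
    # Exact match only: an unregistered more-specific is rejected.
    return (ipaddress.ip_network(prefix), path[-1]) in prefix_list
```

The filter is only as good as the registry behind it: a missing or stale customer link causes a legitimate route to be dropped, and an unverified entry lets a bogus one through.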

