Re: Has PSI been assigned network 1?

["Michael F. Nittmann" <nittmann () wis com>]

Hank,

Enduser filtering (CERN) is in principle completely different from what we 
(might if not possible else) do:

I am not supposed to filter anything between meetpoints and customers, 
because I agree to some people who pay for it to provide Internet access.

I would filter nothing at all (curretnly do filter nothing), which does 
not mean that my suport hosts and networks are open. 
Filtering comes alo into place when customers want only access between 
certain networks, 
but                     in general

NSPs/ISPs are not supposed to filter at all.

Routing is different. We filter routing updates (not access filters) to 
accelerate BGP convergence. We filter what we announce to the outside 
world (of course not all the trash we get in).

That is not that fast paced changing data since the provider-provider 
structure is rather stable.

And we don't need to nacr for each small 2 node attachment either, so I 
see no big workload there. 

Why must the NACR process be so responsive?

Mike


On Thu, 20 Apr 1995, Hank 
Nussbacher wrote:

> On Wed, 19 Apr 1995 18:49:39 -0400 you said:
> > > telent info.ripe.net to test it out.
> >
> > RIPE database does not control the actual routing.
> >
> > I'm not sure the current RADB project has any mention
> > of real-time updates of gated from the database.
> `With dozens of updates we do every day it nearly as good
> > as useless.
>
> CERN (as an example) picks up my routing updates daily and builds its
> new access filter based on mine and others routing updates.  I'm not
> sure you want realtime updates to the actual routing.  In any event,
> it is an improvement over the time lag of NACR updates.
>
> > > It should be secure.
> >
> > > I use a password on all AS updates to AS378.
> >
> > You call *that* secure?  We have way too many people who
> > need to do changes for our AS-es.  Check the contact
> > list for AS1800.
>
> You can assign as many users as you wish to control specific ASs.
> Currently it checks my email address and password.  No match -
> and the maintainer of the AS gets a warning mail about the attempt
> to alter the routing within my AS - and I have gotten warning
> e-mails already.  Adding in PGP authentication should not be too
> hard if it is not done already.
>
> > If i can't implement my existing policy, i cannot use RADB, ok?
> >
> > (Well, we _will_ use it -- to talk to people whose announcements
> > are loaded with garbadge).  We simply cannot use it to talk
> > to major service providers because policies in place cannot
> > be represented in RIPE-81.
>
> So speak to the authors and get it improved.
>
> > --vadim
>
> Hank

--------------------------------------------------------------------------------
Michael F. Nittmann                                             nittmann () wis com
Network Architect                                               nittmann () b3 com 
B3 Corporation, Marshfield, WI (CIX Member)               (715) 387 1700 xt. 158
US Cyber (SM), Washington DC                              (715) 573 2448
                                                          (715) 831 7922
--------------------------------------------------------------------------------