nanog mailing list archives
Re: route ingress
From: Vadim Antonov <avg () pluris com>
Date: Tue, 30 Dec 1997 16:13:58 -0800
filters are your friend. filters are your friends' friend.
Yes, but centralized database is not the answer. For one, it is liable to be screwed up completely from time to time (that much, InterNIC experience shows us). It is expensive to maintain; and the problem of accuracy of the information within is quite acute. The political implications of a cenrtalized agency are even worse; i do not think we want a replay of the domain name debate. The only real solution is strong cryptographical authentication of the ownership of routing prefixes. For some reason i do not see any serious work in that direction being done. For now, it may be a good idea for tier-1 providers to adhere to a procedure similar to that used (or used to be used) by Sprint: no customer routing information is accepted before customer's border box configuration passed inspection by Sprint staff. No-nos included unfiltered redistribution of IGP into BGP and lack of anti-transit AS-path filters. ---vadim
Current thread:
- route ingress Paul A Vixie (Dec 30)
- Re: route ingress Randy Bush (Dec 30)
- Re: route ingress Vadim Antonov (Dec 30)
- Re: route ingress Randy Bush (Dec 30)
- Re: route ingress Tony Li (Dec 31)
- Re: route ingress Justin W. Newton (Dec 31)
- Re: route ingress Vadim Antonov (Dec 30)
- <Possible follow-ups>
- Re: route ingress Vadim Antonov (Dec 31)
- Re: route ingress Randy Bush (Dec 30)