nanog mailing list archives
Re: [doable?] peer filtering (was Re: Trusting BGP sessions)
From: john heasley <heas () shrubbery net>
Date: Wed, 15 Nov 2000 13:40:09 -0800
On Wed, Nov 15, 2000 at 04:25:59PM -0500, gerald () merit edu darkened my spool with the following:
Since Sprint and UUnet don't seem to be willing to provide information in the IRR to allow us to generate access-lists/policies, and not peering with these folks would be a Bad Idea(tm), so we can't quite filter everyone. (If I could figure out a way to get them to register, I'd have fun trying, though.)so, the question is how to make registering irresistable? peering contract requirement? peer pressure? :)I would be very interested to hear from anyone who has problems/suggestions/ criticisms/etc... with the current routing registry. In particular, it would be nice to hear from UUnet, Sprint and those people who choose not to register in the IRR. A few years ago the chief complaints were poor data integrity (ie, bogus/old /stale data), authentication/security and under-participation (ie, very few ISP's used the registry). Yes, these are very serious problems. The data integrity problem I am guessing would still be the main drawback people would cite. We/Merit have worked hard over the last several years to address the problems associated with the IRR and continue to do so. We are finally in a position to do something about the data integrity problem and expect to implement RFC2725 (ie, RPS auth) by mid-2001 which should have a significant impact. But things change over time and I would like to hear what people think. Criticisms, suggestions, ...? --jerry winters (Merit)
i would venture to say that laziness would be one reason folks don't register. possibly the primary. havent you heard; diligence is passe. how many have md5 auth on all their [ie]bgp sessions? <my hand is not raised, unfortunately>
Current thread:
- Re: Trusting BGP sessions, (continued)
- Re: Trusting BGP sessions David Diaz (Nov 14)
- RE: Trusting BGP sessions Mark Borchers (Nov 14)
- Re: Trusting BGP sessions Steven M. Bellovin (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Sean Donelan (Nov 14)
- Re: Trusting BGP sessions Adrian Chadd (Nov 15)
- [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Kevin Oberman (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) gerald (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Ran Atkinson (Nov 15)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) Howard C. Berkowitz (Nov 20)
- Re: [doable?] peer filtering (was Re: Trusting BGP sessions) john heasley (Nov 20)