Re: [doable?] peer filtering (was Re: Trusting BGP sessions)

[john heasley <heas () shrubbery net>]

On Wed, Nov 15, 2000 at 04:25:59PM -0500, gerald () merit edu darkened my spool with the following:
> > > Since Sprint and UUnet don't seem to be willing to provide information
> > > in the IRR to allow us to generate access-lists/policies, and not
> > > peering with these folks would be a Bad Idea(tm), so we can't quite
> > > filter everyone. (If I could figure out a way to get them to register,
> > > I'd have fun trying, though.)
> >
> > so, the question is how to make registering irresistable?  peering
> > contract requirement?  peer pressure? :)
>
> I would be very interested to hear from anyone who has problems/suggestions/
> criticisms/etc... with the current routing registry.  In particular,
> it would be nice to hear from UUnet, Sprint and those people who
> choose not to register in the IRR.
>
> A few years ago the chief complaints were poor data integrity (ie, bogus/old
> /stale data), authentication/security and under-participation 
> (ie, very few ISP's used the registry).  Yes, these are very serious
> problems.
>
> The data integrity problem I am guessing would still be the main
> drawback people would cite.
>
> We/Merit have worked hard over the last several years to address
> the problems associated with the IRR and continue to do so.  We 
> are finally in a position to do something about the data integrity 
> problem and expect to implement RFC2725 (ie, RPS auth) by mid-2001
> which should have a significant impact.
>
> But things change over time and I would like to hear what people
> think.  Criticisms, suggestions, ...?
>
> --jerry winters (Merit)

i would venture to say that laziness would be one reason folks don't
register.  possibly the primary.

havent you heard; diligence is passe.  how many have md5 auth on all
their [ie]bgp sessions?  <my hand is not raised, unfortunately>