nanog mailing list archives
Re: Yahoo outage summary
From: Jared Mauch <jared () puck nether net>
Date: Mon, 9 Jul 2007 17:15:30 -0400
On Mon, Jul 09, 2007 at 04:50:56PM -0400, Joe Abley wrote:
On 9-Jul-2007, at 16:13, Jared Mauch wrote:
Some have automated systems, but they're dependent on IRR data being correct. There are even tools to automate population of IRR data.
Building customer filters from the IRR seems like it should fall in the "easy" bucket, given how long people have been doing it, and for how long. It's the lack of a way to trust the data that's published in the IRR that always seems to be the stumbling block.
-- snip --
So, if you consider some future world where suitably machine-readable repositories of number resources (e.g. IRRs) are combined with machine-verifiable certificates affirming a customer's right to use them, how far out of the woods are we? Or are we going to find out that the real problem is some fundamental unwillingness to automate this stuff, or something else?
It's that some folks feel entitled to announce routes without registering them. Take ANS vs Sprintlink as the classic example. Not much has changed since then. Nor have the tools evolved significantly.
Some vendors still don't get router configuration from tools yet. Try to automate something and it's not easy or impossible. Even the best solutions on the market have some problems when you feed it an 8+Meg config. It takes a lot of cpu time to process that much.
There really need to be some (ick, ignore that I suggested this) Web 2.0 IRR tools. Something that can smartly populate an IRR or IRR-like dataset. Something that can be taught to 'learn' what is reasonable. I've seen some cool things that show promise (e.g. pretty good bgp), but there's always some interesting drawback.
Plus, as Patrick said earlier (and I generally agree), these types of "attacks" are rare and usually short lived. Even those like the panix situation didn't last very long. Perhaps it's not as important to think about now.
- Jared
--
Jared Mauch | pgp key available via finger from jared () puck nether net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.