nanog mailing list archives
Re: Public shaming list for ISPs announcing other ISPs IP space by mistake
From: Jared Mauch <jared () puck nether net>
Date: Thu, 14 Aug 2008 15:09:18 -0400
On Thu, Aug 14, 2008 at 11:32:28AM -0700, brett watson wrote:
On Aug 14, 2008, at 11:21 AM, David Freedman wrote:but, why wouldn't something like formally requiring customers/peers/transits/etc to have radb objects as a 'requirement' for peering/customer bgp servicesStep 1 : Enforce IRR for customers *now*.Right, but I think the bigger issue is not just that "data is in the IRR" but rather "the data is there, and "some organization" has validated that 1) the "owner" is authentic, 2) they own the prefixes they entered, 3) they are authorized to originate the prefixes, and 4) the policies they entered are valid and agreed to by the other parties." We have to be able to *trust* the data in the IRR, which I assume is one of the biggest impediments to being used by everyone: who's going to validate all that data and how will they do it?
You're missing a step: janitor. No really, the reason for some leaks isn't because so-and-so was never a customer, they were. 5 years ago. nobody removed the routes from the IRR or AS-SET or <insert method here> and now the route is learned via some other location and it's bypassed your perimiter security and infiltrated your BGP. There's many simple things that makes it seem like it's an impossible task, but there's a saying, if you're not progressing you're regressing. If the toolset is too complex or doesn't work, what are YOU doing to make it better for you and/or your customers? - jared -- Jared Mauch | pgp key available via finger from jared () puck nether net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Current thread:
- RE: Public shaming list for ISPs announcing other ISPs IP space bymistake, (continued)
- RE: Public shaming list for ISPs announcing other ISPs IP space bymistake michael.dillon (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake David Conrad (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake Jean-François Mezei (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake Steven M. Bellovin (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake Danny McPherson (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake Mikael Abrahamsson (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space bymistake Danny McPherson (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake David Freedman (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Randy Bush (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake brett watson (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Jared Mauch (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Danny McPherson (Aug 14)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake David Freedman (Aug 15)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Michael Smith (Aug 16)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Jon Lewis (Aug 17)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Jared Mauch (Aug 17)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake David Barak (Aug 17)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Bill Nash (Aug 18)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Deepak Jain (Aug 18)
- Re: Public shaming list for ISPs announcing other ISPs IP space by mistake Joe Malcolm (Aug 15)