Re: Global Blackhole Service

[Matthew Moyle-Croft <mmc () internode com au>]

Florian Weimer wrote:
> If you want to run a public exchange point, you need to solve the same 
> announcement validation problem. Multiple organizations appear to do 
> it successfully, so it can't be that difficult.
How exactly do you do "validation"?   If I give you a list of ASes and 
prefixes, what can you do to validate that they're ones I can actually 
announce on behalf of someone else?   I can put whatever I want in an 
AS-SET (etc) pretty much.  How do you actually check that I have the 
right relationship with a customer (or customer of a customer of a 
customer etc)?  

To put it into context - the approach of stuffing other people's ASes in 
a path to prevent them learning it is wide spread, especially in Asia - 
I've seen AS-SETs with all sorts of Tier1/2 ASes even though I know that 
they have no transit relationship with them!

MMC

--
Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc () internode com au  Web: http://www.on.net
Direct: +61-8-8228-2909             Mobile: +61-419-900-366
Reception: +61-8-8228-2999          Fax: +61-8-8235-6909