nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Level 3's IRR Database

From: Jared Mauch <jared () puck nether net>
Date: Mon, 31 Jan 2011 15:19:05 -0500

On Jan 31, 2011, at 3:11 PM, Christopher Morrow wrote:


I understand this is by design, but I can imagine some operators will be
reluctant to actually drop routes when they start testing RPKI deployments
in their networks.


yes, but what is the way forward?


RPKI in my IPv6? :)

Someone is going to be the first person to jump into this sea.  It continues to be something that I am interested in.  
If you look at the risk to your $dayjob, at minimum you should be looking at RPKI for your infrastructure IP space, 
similar to how you might obtain a certificate for your corporate website.

I applaud vendors of hardware and IP services that have managed to do BCP-38 type packet filtering.  It cleans up the 
mess others have to see.  This is the same thing IMHO.  We need to keep the routing infrastructure secure.  This 
doesn't mean you have to secure your network.  But I can decide that if you buy into the same security model as 
described via SIDR/RPKI you may obtain better preference in my network.

- Jared
Previous By Date Next
Previous By Thread Next

Current thread: