nanog mailing list archives
Re: ROVER routing security - its not enumeration
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 5 Jun 2012 15:44:21 -0400
On Tue, Jun 5, 2012 at 3:40 PM, Randy Bush <randy () psg com> wrote:
> There are a number of operational models that provide the needed routing protection without enumeration.

> I can see a use-case for something like: "Build me a prefix list from the RIR data"

> this requires a full data fetch, not doable in dns.
does it? shane implied (and it doesn't seem UNREASONABLE, modulo some 'doing lots of spare queries') to query for each filter entry at filter creation time, no?

get-as-GOOGLE = 216.239.32.0/19
lookup-in-dns = <rover-query-for-/19> + <rover-query-for-/20> + <rover-query-for-/21>.....

that could be optimized I bet, but it SEEMS doable, cumbersome, but doable.

the 'fail open' answer also seems a bit rough in this case (but no worse than 'download irr, upload to router, win!' which is today's model).

-chris
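The per-entry query walk described in this message, as an added example that is not part of the original post: it enumerates every prefix a filter builder would have to ask about for 216.239.32.0/19 and shows what a fail-open policy does when a lookup fails. The `lookup` callback, the /24 cut-off, AS64500 and the sample records are constructed assumptions; the actual ROVER DNS naming and record format are not modelled.

```python
import ipaddress

def candidate_queries(entry, max_len=24):
    """The entry itself plus every more-specific down to max_len (assumed cut-off)."""
    net = ipaddress.ip_network(entry)
    out = []
    for plen in range(net.prefixlen, max_len + 1):
        out.extend(net.subnets(new_prefix=plen))
    return out

def build_filter(entry, expected_asn, lookup, max_len=24, fail_open=True):
    """Query each candidate once at filter creation time.

    lookup(prefix) is a hypothetical resolver: it returns the set of origin
    ASNs published for that exact prefix (empty set = no record) and raises
    LookupError when the query fails (timeout, SERVFAIL).
    """
    permit, unknown = [], []
    for prefix in candidate_queries(entry, max_len):
        try:
            origins = lookup(prefix)
        except LookupError:
            unknown.append(prefix)
            if fail_open:
                permit.append(prefix)  # unverified, but let through
            continue
        if expected_asn in origins:
            permit.append(prefix)
    return permit, unknown

# Constructed sample data: two published records and one prefix that times out.
N = ipaddress.ip_network
SAMPLE_RECORDS = {N("216.239.32.0/19"): {64500}, N("216.239.32.0/24"): {64500}}
SAMPLE_TIMEOUTS = {N("216.239.48.0/20")}

def sample_lookup(prefix):
    if prefix in SAMPLE_TIMEOUTS:
        raise LookupError("query timed out")
    return SAMPLE_RECORDS.get(prefix, set())

if __name__ == "__main__":
    print(len(candidate_queries("216.239.32.0/19")), "queries for one /19 entry")
    for mode in (True, False):
        permit, unknown = build_filter("216.239.32.0/19", 64500,
                                       sample_lookup, fail_open=mode)
        print("fail_open =", mode, "permit:", [str(p) for p in permit],
              "unverified:", [str(u) for u in unknown])
```

A single /19 entry costs 63 lookups down to /24, and under fail-open the one prefix whose query timed out ends up in the permit list without ever being verified.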