nanog mailing list archives
Re: So -- what did happen to Panix?
From: Todd Underwood <todd-nanog () renesys com>
Date: Fri, 27 Jan 2006 10:32:42 -0500
randy, all,

On Fri, Jan 27, 2006 at 04:36:28AM -0800, Randy Bush wrote:
> what I saw by going through the diffs, etc. that I have available to me is that the prefix was registered to be announced by our customer and hence made it into our automatic IRR filters.
>
> i.e., the 'error' was intended, and followed all process.

yep. that's the depressing part.

> so, what i don't see is how any hacks on routing, such as delay, history, ... will prevent this while not, at the same time, have very undesired effects on those legitimately changing isps.

you're probably right (as usual). but it seems that if you delay acceptance of announcements with novel origination patterns, you don't harm very many legitimate uses. in particular, ASes changing upstreams won't be harmed at all. people moving their prefix to a new ISP will have a fixed delay in getting their announcement propagated, sure. but they already have this delay now. they tell the new ISP: 'announce my prefix' and the new ISP says 'prove it's yours'. they do that for a couple of emails. then the new ISP asks its upstreams to accept that announcement. that takes a little while (ranging from 4 to 72 hours in my recent experience).

> seems to me that certified validation of prefix ownership and as path are the only real way out of these problems that does not teach us the 42 reasons we use a *dynamic* protocol.

certified validation of prefix ownership (and path, as has been pointed out) would be great. it's clearly a laudable goal and seemed like the right way to go. but right now, no one is doing it. the rfcs that i've found have all expired. and the conversation about it has reached the point where people seem to have stopped even disagreeing about how to do it. in short, it's as dead as dns-sec.

so what are we to do in the meantime?

t.

--
_____________________________________________________________________
todd underwood
chief of operations & security
renesys - internet intelligence
todd () renesys com    www.renesys.com
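
Added example, not part of the original post: a minimal sketch of the "delay acceptance of announcements with novel origination patterns" idea discussed above, in which a route with a known origin AS is accepted at once even through a new upstream, while an unseen (prefix, origin) pairing is held for a fixed period. The class name, the 24-hour hold and the sample routes (documentation prefixes and ASNs) are assumptions made for illustration.

```python
import ipaddress

HOLD_SECONDS = 24 * 3600  # assumed hold-down; the post does not name a figure


class NovelOriginFilter:
    """Delay routes whose (prefix, origin AS) pairing has no history."""

    def __init__(self, hold=HOLD_SECONDS):
        self.hold = hold
        self.known = set()   # (network, origin) pairs with history
        self.pending = {}    # (network, origin) -> time first seen

    def _has_history(self, net, origin):
        # Same origin already seen for this prefix or a covering one.
        return any(o == origin and net.version == k.version and net.subnet_of(k)
                   for k, o in self.known)

    def learn(self, prefix, as_path):
        self.known.add((ipaddress.ip_network(prefix), as_path[-1]))

    def decide(self, prefix, as_path, now):
        net, origin = ipaddress.ip_network(prefix), as_path[-1]  # origin = last hop
        if self._has_history(net, origin):
            return "accept"            # new upstream, same origin: no delay
        first = self.pending.setdefault((net, origin), now)
        if now - first < self.hold:
            return "hold"              # novel origin: wait out the delay
        del self.pending[(net, origin)]
        self.known.add((net, origin))
        return "accept"

    def withdraw(self, prefix, origin):
        # A withdrawn pending route restarts its timer if re-announced.
        self.pending.pop((ipaddress.ip_network(prefix), origin), None)


def replay(events, flt):
    """events: (time, prefix, as_path) tuples; returns the decisions."""
    return [flt.decide(p, path, t) for t, p, path in events]

# Constructed sample data: documentation prefixes and ASNs only.
SAMPLE = [
    (0,     "192.0.2.0/24", [64500, 64496]),   # known origin, usual upstream
    (60,    "192.0.2.0/24", [64501, 64496]),   # known origin, new upstream
    (120,   "192.0.2.0/24", [64502, 64499]),   # novel origin
    (3600,  "192.0.2.0/25", [64502, 64499]),   # novel origin, more specific
    (90000, "192.0.2.0/24", [64502, 64499]),   # still announced after hold
]
```

Seed the filter with `learn()` from existing routing history before replaying events; a novel origin that is still announced once the hold expires is accepted, so the delay only buys time for the legitimate holder to notice and object.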