nanog mailing list archives

Re: Lightly used IP addresses


From: Randy Bush <randy () psg com>
Date: Tue, 17 Aug 2010 05:46:49 +0900

> Kind of interesting to consider how a successful implementation of
> RPKI might change the rules of this game we all play in. I tried
> talking about that at ARIN in Toronto, not certain I was clear
> enough.

first, let's remember that the rpki is a distributed database which has
a number of possible applications.

the first technical application on the horizon is route origin
validation.

> I'm not at all convinced this would help all that much.  A PKI would
> allow better verification of authentication - but how many providers
> currently have doubts about who the other end of their BGP session is?
> I'm sure most of the ones who care have already set up TCPMD5 and/or
> TTL hacks, and the rest wouldn't deploy an RPKI.

route origin validation is not about authenticating your neighbor.  it
is about being able to base your routing policy on whether the origin
asn of an announcement is authorized to originate a particular prefix.

it is stopping fat fingers such as pk/youtube, 7007, and the every day
accidental mis-announcements of others' prefixes.

randy
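
The origin check described in the message above, as an added example that is not part of the original post or of any RPKI software: it classifies an announcement into the RFC 6811 states (valid, invalid, not-found) and then applies a routing policy to the result. The ROAs, prefixes and ASNs are constructed from documentation ranges, and the local-preference values in `local_pref` are an assumed policy.

```python
import ipaddress
from typing import NamedTuple, Optional

class ROA(NamedTuple):
    prefix: str      # covering prefix authorised by the address holder
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS (AS0 authorises no one)

# Constructed ROAs from documentation prefixes and ASNs.
ROAS = [
    ROA("203.0.113.0/24", 24, 64496),
    ROA("198.51.100.0/24", 24, 0),
    ROA("2001:db8::/32", 48, 64496),
]

def validate(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        net = ipaddress.ip_network(roa.prefix)
        if net.version != route.version or not route.subnet_of(net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if roa.asn != 0 and roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by some ROA but matched none: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def local_pref(prefix: str, origin_asn: int) -> Optional[int]:
    """Assumed policy: reject invalid, prefer valid over not-found."""
    state = validate(prefix, origin_asn)
    if state == "invalid":
        return None
    return 200 if state == "valid" else 100

if __name__ == "__main__":
    # Constructed announcements: authorised origin, wrong origin,
    # more-specific from a wrong origin, and a prefix with no ROA.
    for pfx, asn in [("203.0.113.0/24", 64496), ("203.0.113.0/24", 64511),
                     ("203.0.113.128/25", 64511), ("192.0.2.0/24", 64500)]:
        print(pfx, f"AS{asn}", validate(pfx, asn), local_pref(pfx, asn))
```

A mis-announcement of someone else's prefix lands in the invalid state whether it uses the same prefix length or a more specific one, which is the fat-finger case the message refers to; prefixes with no ROA stay not-found and are unaffected.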

