nanog mailing list archives
Re: Securing the BGP or controlling it?
From: Nick Hilliard <nick () foobar org>
Date: Mon, 10 May 2010 17:48:43 +0100
On 10/05/2010 17:00, Aaron Glenn wrote:
my gut says things would do well to begin with simply making an effort at maintaining usable irr data and automagically generating sane filters. why don't people do that again? I hope I'm not naively misunderstanding a primary use of irr data in front of 10,000 of my closest friends...
There are a lot of problems associated with using IRRDB filters for inbound prefix filtering. - some clients announce lots of prefixes. This can make inbound prefix filtering difficult in some situations. pixiedust:/home/nick> grep '>' pakistani-telecom.bgpdump.txt | wc -l 967 - there are some endemic data reliability problems with the IRRDBs, exacerbated by the fact that on most of the widely-used IRRDBs, there is no link between the RIR and the IRRDB, which means that anyone can register any address space. whois.ripe.net doesn't allow this, but lots of other IRRDBs do. - the ripe whois server software does not support server-side as-set expansion. This is a really serious problem if you're expanding large ASNs. - there is very little client software. At least irrtoolset compiles these days, but its front-end is very primitive. rpsltool provides some really nice templating functionality, but doesn't implement large sections of the rpsl standards. Nick
Current thread:
- Re: Securing the BGP or controlling it?, (continued)
- Re: Securing the BGP or controlling it? Christopher Morrow (May 10)
- Re: Securing the BGP or controlling it? Jack Bates (May 10)
- Re: Securing the BGP or controlling it? Christopher Morrow (May 10)
- Re: Securing the BGP or controlling it? Franck Martin (May 10)
- RE: Securing the BGP or controlling it? Thomas Magill (May 10)
- Re: Securing the BGP or controlling it? Zaid Ali (May 10)
- Re: Securing the BGP or controlling it? deleskie (May 10)
- RE: Securing the BGP or controlling it? Hank Nussbacher (May 10)
- Re: Securing the BGP or controlling it? Christopher Morrow (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Aaron Glenn (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Jared Mauch (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 10)
- Re: Securing the BGP or controlling it? Joe Abley (May 10)
- Re: Securing the BGP or controlling it? Danny McPherson (May 10)
- Re: Securing the BGP or controlling it? Randy Bush (May 10)
- Re: Securing the BGP or controlling it? Nick Hilliard (May 11)
- Re: Securing the BGP or controlling it? Danny McPherson (May 11)
- Re: Securing the BGP or controlling it? Marshall Eubanks (May 11)
- Re: Securing the BGP or controlling it? Patrick W. Gilmore (May 11)
- Re: Securing the BGP or controlling it? Danny McPherson (May 10)