nanog mailing list archives

Re: Level 3's IRR Database


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 31 Jan 2011 17:01:26 -0500

On Mon, Jan 31, 2011 at 3:55 PM, Andree Toonk <andree+nanog () toonk nl> wrote:
.-- My secret spy satellite informs me that at 11-01-31 12:11 PM Christopher
Morrow wrote:

yes, but what is the way forward?

Not sure, that was my original question:
Are there any suggestions or recommendations for how to handle these cases?

So... I think we should keep in mind that rPKI provides some
in-protocol (and on-router) certificate checking bits (this is over
simplified, on purpose). Those things allow you to validate routing
data as you see it on the device, and take some policy steps to react
to that decision.

The other thing that rPKI gets us to is the ability to create and
maintain prefix-list (or equivalent) data for routers in an
automated and verifiable manner. You could validate the prefixes your
customers/peers claim to have with some cryptographic assurance...
that data is tied to the allocation hierarchy, and it's kept updated
by the allocation chain (IANA->RIR->NIR->LIR->EndUser).

So, maybe the answer is folks will be able to
better/quicker/more-accurately maintain bgp filters and drop this sort
of problem in Adj-Rib-In ?

-Chris
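
The origin check and filter generation discussed in the message above, as an added example that is not part of the original post: a minimal RFC 6811-style origin validation over validated ROA payloads (VRPs), plus a per-customer prefix-list derived from the same data. The VRP table, ASNs and function names are constructed for illustration (documentation prefixes, private-use ASNs).

```python
import ipaddress

# Constructed sample VRPs: (prefix, max_length, origin_asn). Not real routing data.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 40, 64501),
]


def validate(prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        roa = ipaddress.ip_network(vrp_prefix)
        # A VRP is relevant only if it covers the announced prefix.
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Match: same origin, not more specific than max_length, never AS 0.
        if asn == origin_asn and asn != 0 and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched means wrong origin or too specific.
    return "invalid" if covered else "not-found"


def prefix_filter(customer_asn, vrps):
    """Prefix-list entries (prefix, min_len, max_len) one AS may originate."""
    return sorted(
        (p, ipaddress.ip_network(p).prefixlen, m)
        for p, m, a in vrps
        if a == customer_asn
    )


def filter_adj_rib_in(announcements, vrps, drop=("invalid",)):
    """Keep announcements whose validation state is not in `drop`."""
    return [(p, a) for p, a in announcements if validate(p, a, vrps) not in drop]


if __name__ == "__main__":
    received = [  # constructed (prefix, origin ASN) pairs as seen from a peer
        ("192.0.2.0/24", 64500),      # matches a VRP
        ("192.0.2.0/25", 64500),      # more specific than max_length
        ("192.0.2.0/24", 64511),      # covered, wrong origin
        ("198.51.100.0/24", 64500),   # no covering VRP
    ]
    for p, a in received:
        print(p, a, validate(p, a, VRPS))
    print(prefix_filter(64500, VRPS))
```

Whether to also drop `not-found` routes is a local policy choice; the `drop` parameter leaves that to the operator.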

