nanog mailing list archives
Re: ROVER routing security - its not enumeration
From: Randy Bush <randy () psg com>
Date: Tue, 05 Jun 2012 14:00:49 -0700
routing protection without enumeration.I can see a use-case for something like: "Build me a prefix list from the RIR data"this requires a full data fetch, not doable in dns.does it? shane implied (and it doesn't seem UNREASONABLE, modulo some 'doing lots of spare queries') to query for each filter entry at filter creation time, no?
what is the query set, every prefix /7-/24 for the whole fracking ABC space?
that could be optimized I bet, but it SEEMS doable, cumbersome, but doable. the 'fail open' answer also seems a bit rough in this case (but no worse than 'download irr, upload to router, win!' which is today's model).
irr, i do have the 'full' set. but you said RIR (the in-addr roots), not IRR. was it a mis-type? and i am not gonna put my origin data in the irr and the dns. randy
Current thread:
- ROVER routing security - its not enumeration Daniel Massey (Jun 05)
- Re: ROVER routing security - its not enumeration Shane Amante (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Doug Montgomery (Jun 06)
- Re: ROVER routing security - its not enumeration Paul Vixie (Jun 10)
- Re: ROVER routing security - its not enumeration Doug Montgomery (Jun 11)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)