route ingress
Justin W. Newton
justin at priori.net
Wed Dec 31 00:22:54 UTC 1997
At 04:13 PM 12/30/97 -0800, Vadim Antonov wrote:
>> filters are your friend. filters are your friends' friend.
>
>Yes, but centralized database is not the answer. For one, it
>is liable to be screwed up completely from time to time (that much,
>InterNIC experience shows us). It is expensive to maintain; and
>the problem of accuracy of the information within is quite acute.
>The political implications of a cenrtalized agency are even worse;
>i do not think we want a replay of the domain name debate.
>
>The only real solution is strong cryptographical authentication of
>the ownership of routing prefixes. For some reason i do not see
>any serious work in that direction being done.
>
>For now, it may be a good idea for tier-1 providers to adhere to a
>procedure similar to that used (or used to be used) by Sprint: no
>customer routing information is accepted before customer's border
>box configuration passed inspection by Sprint staff. No-nos included
>unfiltered redistribution of IGP into BGP and lack of anti-transit AS-path
>filters.
Vadim,
Your policy above is unwise from the perspective that it seems to believe
that configuration errors are a one time problem. A more reasonable policy
is to help your customers learn how to setup filters properly, and then
filter heavily on /your/ router to make certain hat no matter what they do
they can't effect either your internal, or external routing.
**************************************************************
Justin W. Newton voice: +1-650-482-2840
Senior Network Architect fax: +1-650-482-2844
PRIORI NETWORKS, INC. http://www.priori.net
Legislative and Policy Director, ISP/C http://www.ispc.org
"The People You Know. The People You Trust."
**************************************************************
More information about the NANOG
mailing list