route ingress

John A. Tamplin jat at
Tue Jan 6 19:10:10 UTC 1998

On 6 Jan 1998, Sean M. Doran wrote:

> This would be much easier if we had a bottom-up
> hierarchical addressing structure rather than the 
> current top-down one.
> Consider the distribution of cryptographically
> authenticated connectivity maps a la NIMROD or a 
> multi-level LS protocol, for example, for path
> authentication vs. how one would distribute and 
> authenticate reachability information with the 
> current addressing structure.

I don't understand how the current top-down allocation affects how that 
would be done.  As I see it (and I haven't spent any significant time
working on it, but it seems straightforward):
 1) ARIN/whoever signs an address allocation to an entity
 2) that entity signs route announcements to peers/upstreams, incuding
    who they are announced to
 3) readvertisements are signed by the advertiser

Any recipient of a route can verify that the address space was properly 
allocated by inspecting the address allocation certificate and verifying
the signature of the registry, and they can verify the path that 
advertisement has taken to get to where it is.  Thus no one can interject
a route to a network prefix that is not properly allocated, and someone 
cannot steal a route advertisement for someone else's prefix.  The biggest
problem with something like this is the size of the routing table in
memory (since you have to keep certificates around for readvertisements)
and in the bandwidth required for the updates.

I am not familiar with NIMROD, do you have a pointer to it?

John Tamplin					Traveller Information Services
jat at Traveller.COM				2104 West Ferry Way
205/883-4233x7007				Huntsville, AL 35801

More information about the NANOG mailing list