route ingress
John A. Tamplin
jat at traveller.com
Tue Jan 6 19:10:10 UTC 1998
On 6 Jan 1998, Sean M. Doran wrote:
> This would be much easier if we had a bottom-up
> hierarchical addressing structure rather than the
> current top-down one.
>
> Consider the distribution of cryptographically
> authenticated connectivity maps a la NIMROD or a
> multi-level LS protocol, for example, for path
> authentication vs. how one would distribute and
> authenticate reachability information with the
> current addressing structure.
I don't understand how the current top-down allocation affects how that
would be done. As I see it (and I haven't spent any significant time
working on it, but it seems straightforward):
1) ARIN/whoever signs an address allocation to an entity
2) that entity signs route announcements to peers/upstreams, incuding
who they are announced to
3) readvertisements are signed by the advertiser
Any recipient of a route can verify that the address space was properly
allocated by inspecting the address allocation certificate and verifying
the signature of the registry, and they can verify the path that
advertisement has taken to get to where it is. Thus no one can interject
a route to a network prefix that is not properly allocated, and someone
cannot steal a route advertisement for someone else's prefix. The biggest
problem with something like this is the size of the routing table in
memory (since you have to keep certificates around for readvertisements)
and in the bandwidth required for the updates.
I am not familiar with NIMROD, do you have a pointer to it?
John Tamplin Traveller Information Services
jat at Traveller.COM 2104 West Ferry Way
205/883-4233x7007 Huntsville, AL 35801
More information about the NANOG
mailing list