Summary: Operational question: Building filters from IRRdbs
Alex Bligh
amb at gxn.net
Wed Jan 13 01:03:05 UTC 1999
As promised, an anonymized summary:
I asked:
>* Does anyone actually do build filters without running
> their own complete database mirror, i.e. do they rely real
> time on a database working. If so, which one?
>
>* Does anyone let this config their routers automatically? To peers
> customers, transits, or all three? Or do you rely on humans to
> reinstall the lists once autogenerated?
>
>* If it's just a fact of life that occasionally this thing turns up duff
> data, and if people are in general doing automatic installation, what
> data validation heuristics are used?
A good few responses.
1. I was foolishly using version 4 which relies on RPSL servers which are
not yet in production, rather than version 3 which uses RIPE-183.
Currently all users who mentioned it use version 3 tools, and
whois.ra.net as a serer, except one who uses RIPE and 'internal databases'.
Noone mentioned running a mirror server.
2. Everybody claimed they sanity checked the output from peval, either
manually, or automatically. Substantial changes in length were mentioned
as indicators to 'pass to manual processing'. Some respondants also
suggested that when automatically updating routers, substantial
config-length changes were also detected, and caused a passing to manual
processing. Some reasonable algorithmic detail was documented, which
differed substantially between respondants. Amusingly there were also
differences between two staff members of the same ISP.
3. In general, filtering was restricted to customers or customer-like entities.
Some respondants suggested they used the same technology for small peers
or ones they couldn't trust.
4. Noone suggested their techniques (including whatever level of human
validation) were sufficiently fallible to cause increased chance of
'fact of life' breakages.
Thanks to all who responded.
--
Alex Bligh
GX Networks (formerly Xara Networks)
More information about the NANOG
mailing list