Operational Issues with

Vadim Antonov avg at exigengroup.com
Tue Dec 10 14:24:42 UTC 2002

On Tue, 10 Dec 2002, Stephen J. Wilcox wrote:

> > The better way of dealing with the problem of bogus routes is strong
> > authentication of the actual routing updates, whith key being allocated 
> > together with the address block.  Solves unused address space reclaimation 
> > problem, too - when the key expires, it becomes unroutable.
> Of course, who would maintain the key databases and do you mean every route
> would need a key with the central registrar or would it be carved up to eg
> authority on /8 level or lir level which could be /22s.. seems at some point you
> still have to go back to a central resource and if you dont have a single
> resource you make it complicated?

There's a big difference: address allocation (and key distribution) is
off-line, and is not involved in operation of the routing system.
Its failure doesn't cause network malfunction, just aggravation of new

OTOH, invalid RADB data can easily prevent network from operating, on a 
massive scale.


More information about the NANOG mailing list