whois for just prefix list

Joe Abley jabley at isc.org
Mon Apr 14 15:58:58 UTC 2003



On Monday, Apr 14, 2003, at 11:31 Canada/Eastern, Russell Heilling wrote:

> Enforcement by upstream was actually what I meant here.  Defined standards
> and a good set of tools to build filters will lead to more people building
> filters based on registered policy, which should force people to overcome
> laziness and to keep things up to date.

At the moment, if some customer wants to announce some non-PA block of 
addresses to their ISP they probably have some ISP-specific, manual, 
support-based procedure to wade through, during which there is at least 
a passing chance that some ISP engineer will check to see that the 
block to be announced looks plausibly legitimate. I have had dealings 
with a number of ISPs who do fairly exhaustive checking, down to 
requiring the RIR-tagged administrative contact to fax authorisation 
for them to accept and propagate the route.

On the other hand, if all ISPs blindly believe what customers tell them 
just because the customers are telling them via the IRR, there is a 
much greater chance of mess, both accidental and malicious.

I guess as an ISP you could accommodate both by using a customer import 
policy like

aut-num: AS9327
import: from AS9327:AS-CUST-SET action pref=100;
   accept AS9327:AS-CUST-SET AND
     (AS9327:AS-CUST-VERIFIED OR
     AS9327:RS-CUST-VERIFIED);

to choose the intersection of whatever CUST thinks they should be able 
to announce with what you have verified CUST should be able to 
announce. But how many people do that? It seems more common for 
IRR-builders to say "what's your macro?" and blindly trust it.

Maybe I'm missing something.


Joe
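
The intersection policy described in the message above, worked through as an added example (not part of the original post and not any registry tool's code). It assumes exact-match prefixes only, treats an as-set used as a filter as "the prefixes of route objects whose origin is a member", and uses constructed sample data: documentation prefixes, private-use ASNs, and hypothetical function names.

```python
import ipaddress

# Constructed sample IRR data: (prefix, origin) pairs from route objects.
ROUTE_OBJECTS = [
    ("192.0.2.0/24", "AS64500"),
    ("198.51.100.0/24", "AS64501"),
    ("203.0.113.0/24", "AS64502"),   # registered by the customer, never verified
]
AS_CUST_SET = {"AS64500", "AS64501", "AS64502"}      # maintained by the customer
AS_CUST_VERIFIED = {"AS64501"}                        # maintained by the ISP
RS_CUST_VERIFIED = {"192.0.2.0/24", "198.18.0.0/15"}  # maintained by the ISP


def prefixes_originated_by(as_set, route_objects):
    """Prefixes of route objects whose origin is a member of as_set."""
    return {ipaddress.ip_network(p) for p, origin in route_objects
            if origin in as_set}


def split_claims(route_objects, cust_set, as_verified, rs_verified):
    """Evaluate CUST-SET AND (AS-CUST-VERIFIED OR RS-CUST-VERIFIED).

    Returns (accepted, claimed_only): what the import filter lets through,
    and what would have been accepted had the customer's set been trusted
    on its own.
    """
    claimed = prefixes_originated_by(cust_set, route_objects)
    verified = prefixes_originated_by(as_verified, route_objects)
    verified |= {ipaddress.ip_network(p) for p in rs_verified}
    accepted = sorted(claimed & verified)
    claimed_only = sorted(claimed - verified)
    return [str(n) for n in accepted], [str(n) for n in claimed_only]


if __name__ == "__main__":
    accepted, claimed_only = split_claims(
        ROUTE_OBJECTS, AS_CUST_SET, AS_CUST_VERIFIED, RS_CUST_VERIFIED)
    print("accept:", accepted)
    print("claimed but unverified (dropped):", claimed_only)
```

198.18.0.0/15 is verified but absent from the result because the customer never registered it; the filter is an intersection, so both sides have to agree.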



