whois for just prefix list
Joe Abley
jabley at isc.org
Mon Apr 14 15:58:58 UTC 2003
On Monday, Apr 14, 2003, at 11:31 Canada/Eastern, Russell Heilling
wrote:
> Enforcement by upstream was actually what I meant here. Defined
> standards
> and a good set of tools to build filters will lead to more people
> building
> filters based on registered policy, which should force people to
> overcome
> laziness and to keep things up to date.
At the moment, if some customer wants to announce some non-PA block of
addresses to their ISP they probably have some ISP-specific, manual,
support-based procedure to wade through, during which there is at least
a passing chance that some ISP engineer will check to see that the
block to be announced looks plausibly legitimate. I have had dealings
with a number of ISPs who do fairly exhaustive checking, down to
requiring the RIR-tagged administrative contact to fax authorisation
for them to accept and propagate the route.
On the other hand, if all ISPs blindly believe what customers tell them
just because the customers are telling them via the IRR, there is a
much greater chance of mess, both accidental and malicious.
I guess as an ISP you could accommodate both by using a customer import
policy like
aut-num: AS9327
import: from AS9327:AS-CUST-SET action pref=100;
accept AS9327:AS-CUST-SET AND
(AS9327:AS-CUST-VERIFIED OR
AS9327:RS-CUST-VERIFIED);
to choose the intersection of whatever CUST thinks they should be able
to announce with what you have verified CUST should be able to
announce. But how many people do that? It seems more common for
IRR-builders to say "what's your macro?" and blindly trust it.
Maybe I'm missing something.
Joe
More information about the NANOG
mailing list