69/8...this sucks -- Centralizing filtering..

Michael.Dillon at radianz.com
Mon Mar 10 17:54:50 UTC 2003


>> I don't think ARIN can help the situation.  ISPs just need to remove the
>> access lists from each router in the network and centralize them.

>I totally agree with you. However, as always, centralized systems, while
>ease management and scalability, everything becomes a trust issue and a
>single point of failure or source of problems...

Yeah, who would you trust to maintain a centralized database of IP address 
ranges?

>Maybe this could be a subscription-based type of service, something like
>RADB, where everyone subscribes into a central filtering list that is
>managed by a separate organization?

Yup, you're right. This should be done by a 3rd party organization, not an 
ISP. I wonder whether there are any 3rd party organizations trusted by 
ISPs that have experience in maintaining a database of IP address ranges?

ARIN, perhaps?

>I really like Rob's bogon
>route-server setup.

That's probably because you are a router geek. I have nothing against 
Rob's setup but I know that the vast majority of geeks know nothing about 
route-servers and have no incentive to learn about them. But they all know 
what LDAP is, some of them already run LDAP servers and the rest probably 
plan to learn more about LDAP some day. We could leverage that widespread 
knowledge of LDAP by publishing route data (or any other data regarding 
attributes of IP address ranges) using the IETF standard LDAPv3 protocol.

In fact, I know that Rob is considering setting up an LDAP server as an 
alternative way to offer bogon data. I think this is a great idea as a 
testbed, i.e. offer the data through many protocols and see which is most 
popular. However, I think that when it does become popular, it needs to
be integrated with ARIN's authoritative database of IP address 
delegations.

-- Michael Dillon




