69/8...this sucks -- Centralizing filtering..
Michael.Dillon at radianz.com
Mon Mar 10 17:54:50 UTC 2003
>> I don't think ARIN can help the situation. ISPs just need to remove the
>> access lists from each router in the network and centralize them.
>I totally agree with you. However, as always, centralized systems, while
>ease management and scalability, everything becomes a trust issue and a
>single point of failure or source of problems...
Yeah, who would you trust to maintain a centralized database of IP address
ranges?
>Maybe, this could be a subscription based type of service, something like
>RADB, where everyone subscribes into a central filtering list that is
>managed by a separate organization?
Yup, you're right. This should be done by a 3rd party organization, not an
ISP. I wonder whether there are any 3rd party organizations trusted by
ISPs that have experience in maintaining a database of IP address ranges?
ARIN, perhaps?
>I really like the Rob's bogon
>route-server setup.
That's probably because you are a router geek. I have nothing against
Rob's setup but I know that the vast majority of geeks know nothing about
route-servers and have no incentive to learn about them. But they all know
what LDAP is, some of them already run LDAP servers and the rest probably
plan to learn more about LDAP some day. We could leverage that widespread
knowledge of LDAP by publishing route data (or any other data regarding
attributes of IP address ranges) using the IETF standard LDAPv3 protocol.
In fact, I know that Rob is considering setting up an LDAP server as an
alternative way to offer bogon data. I think this is a great idea as a
testbed, i.e. offer the data through many protocols and see which is most
popular. However, I think that when it does become popular, it needs to
be integrated with ARIN's authoritative database of IP address
delegations.
-- Michael Dillon