Bogon filtering

Michael.Dillon at radianz.com
Fri Dec 3 11:51:57 UTC 2004


> There is one thing though which is somewhat a problem with these setups,
> one has to trust the source of the filters, they are technically
> controlling your network, who you talk to and who not. And this little
> technical issue can be a huge political issue.

This change control issue is an important one
because, as we have seen with many other technical
great ideas, operations folks cannot just go ahead
and implement every great idea. There are management
people to convince that this great idea will not
disrupt the operation of the network, either directly
or indirectly through unwarranted cost increases.

In my opinion, these types of feeds should not be
made available in BGP format, because, as you say,
this puts the external party in control of your routing
policy. I think that these feeds should be considered
"advisory information" and made available in a format
that can easily be integrated into a change control
system where humans can check and validate the data.
I really do think that LDAP would be the ideal protocol
for doing this.

As for oversight of Cymru's bogon list and trust 
issues... well, this is what the RIR system was
developed for. We don't technically need RIRs
to allocate IP addresses. But we do need them to
provide oversight and trust of the whole IP
allocation process. At this point, most people have
no idea who Cymru is other than Rob Thomas and
while he appears to be a very clued and trustworthy
individual, he is operating a service that does not
have community oversight in the same way as the
RIRs.

In a sense, Rob is a hacker who has installed his
rootkit into the IANA/RIR system. He was only able
to do so because the IANA and RIRs were not paying
enough attention to their interfaces, thus creating
a grey area which Cymru is filling.

--Michael Dillon
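
The advisory-feed workflow argued for above, as an added example that is not part of the original post: a fetched bogon list is compared with the deployed filter and turned into a change request for a human to approve, and nothing is applied automatically. The one-prefix-per-line format, the function names and all prefixes are assumptions constructed for illustration.

```python
import ipaddress

def parse_prefixes(text):
    """One prefix per line, '#' starts a comment. Malformed input raises ValueError."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.add(ipaddress.ip_network(line))  # strict: rejects host bits
    return nets

def _key(n):
    return (n.version, int(n.network_address), n.prefixlen)

def propose_change(deployed, advisory, in_use):
    """Diff the advisory feed against the deployed filter; never applies anything."""
    add = sorted(advisory - deployed, key=_key)
    remove = sorted(deployed - advisory, key=_key)
    # A new filter entry that overlaps address space we route would drop real traffic.
    conflicts = [(a, u) for a in add for u in sorted(in_use, key=_key)
                 if a.version == u.version and a.overlaps(u)]
    return {"add": add, "remove": remove, "conflicts": conflicts}

def render(change):
    """Format the diff as text for a change-control ticket."""
    lines = ["CHANGE REQUEST (advisory only, not applied)"]
    lines += [f"  + filter   {n}" for n in change["add"]]
    lines += [f"  - unfilter {n}" for n in change["remove"]]
    lines += [f"  ! HOLD: {a} overlaps in-use {u}" for a, u in change["conflicts"]]
    if not (change["add"] or change["remove"]):
        lines.append("  no difference from deployed filter")
    return "\n".join(lines)

# Constructed sample data (documentation and private ranges, not a real bogon list).
DEPLOYED = "10.0.0.0/8\n192.168.0.0/16\n198.51.100.0/24  # currently filtered\n"
ADVISORY = "10.0.0.0/8\n192.168.0.0/16\n203.0.113.0/24   # new in the feed\n"
IN_USE = "203.0.113.128/25  # prefix this network carries traffic for\n"

CHANGE = propose_change(parse_prefixes(DEPLOYED), parse_prefixes(ADVISORY),
                        parse_prefixes(IN_USE))

if __name__ == "__main__":
    print(render(CHANGE))
```
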




