Yahoo outage summary

Joe Abley jabley at ca.afilias.info
Mon Jul 9 20:50:56 UTC 2007



On 9-Jul-2007, at 16:13, Jared Mauch wrote:

> 	Some have automated systems, but they're dependent on IRR data
> being correct.  There are even tools to automate population of IRR  
> data.

Building customer filters from the IRR seems like it should fall in  
the "easy" bucket, given how long people have been doing it, and for  
how long. It's the lack of a way to trust the data that's published  
in the IRR that always seems to be the stumbling block.

Various ops-aware people have been attacking the correctness issue in  
the SIDR working group. The work seems fairly well-cooked to me, and  
I seem to think that Geoff Huston has wrapped some proof-of-concept  
tools around the crypto.

SIDR is only of any widespread use if it is coupled with policy/ 
procedures at the RIRs to provide certificates for resources that are  
assigned/allocated. However, this seems like less of a hurdle than  
you'd think when you look at how many RIR staff are involved in  
working on it.

So, if you consider some future world where there are suitably  
machine-readable repositories of number resources (e.g. IRRs) are  
combined with machine-verifiable certificates affirming a customer's  
right to use them, how far out of the woods are we? Or are we going  
to find out that the real problem is some fundamental unwillingness  
to automate this stuff, or something else?


Joe



More information about the NANOG mailing list