Securing the BGP or controlling it?
Nick Hilliard
nick at foobar.org
Mon May 10 17:23:54 UTC 2010

On 10/05/2010 17:58, Jared Mauch wrote:
> On May 10, 2010, at 12:48 PM, Nick Hilliard wrote:
>> - there are some endemic data reliability problems with the IRRDBs,
>> exacerbated by the fact that on most of the widely-used IRRDBs, there is no
>> link between the RIR and the IRRDB, which means that anyone can register
>> any address space. whois.ripe.net doesn't allow this, but lots of other
>> IRRDBs do.
>
> Certainly this is a function that you can petition your local RIR to do,
> have you made a proposal to them?

RIPE does this automatically. But I have no idea how this sort of thing
would be implemented between an RIR like ARIN and an IRRDB like whois.radb.net.

>> - the ripe whois server software does not support server-side as-set
>> expansion. This is a really serious problem if you're expanding large ASNs.
>
> Have you asked them to include this?

I've enquired informally and was left with the impression that it would be
difficult; the RIPE DB code is troublesome, and there are line protocol
differences between the ripe server and the merit server which would make
parsing an interesting proposition.

> I certainly agree the tools here are suboptimal, but is that the
> reason to throw the baby out with the bathwater?

Not at all - I use prefix filtering in anger, and it works very well in its
place.

> Who is going to be the provider that turns away business because their
> customer is unwilling to register their routes in a klunky-toolset?

Lots. They'll certainly take on the business, but I know of several
well-known names who provide service in Dublin and who won't accept your
prefixes unless they are registered in an IRRDB.

> What improvements to the toolset should go back to the community to
> improve filtering?

If you're offering to hack code, great - email me offline :-)

Nick
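
The client-side as-set expansion that a filter generator has to do when the whois server does not expand as-sets itself, as an added example that is not part of the original message or of any IRR tool. The as-set names, the sample objects and the `lookup` callback (standing in for one whois query per as-set) are assumptions; the loop guard and the list of unresolved names are there because the registry data is not guaranteed to be consistent.

```python
import re
# Constructed RPSL as-set objects standing in for an IRRDB (not real registry data).
SAMPLE_IRR = """\
as-set:   AS-EXAMPLE-CUSTOMERS
members:  AS64500, AS-EXAMPLE-DOWNSTREAM
members:  AS64501

as-set:   AS-EXAMPLE-DOWNSTREAM
members:  AS64502, AS-EXAMPLE-CUSTOMERS, AS-EXAMPLE-MISSING
"""

def parse_as_sets(text):
    """Parse RPSL text into {as-set name: [member names]}."""
    sets, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().upper()
        if key == "as-set":
            current = sets.setdefault(value, [])
        elif key == "members" and current is not None:
            current.extend(m.strip() for m in value.split(",") if m.strip())
    return sets

def expand_as_set(name, lookup):
    """Expand an as-set client-side; lookup(name) models one whois query.
    Returns (sorted ASNs, queries issued, set names that did not resolve)."""
    asns, seen, missing, queries = set(), set(), set(), 0
    stack = [name.upper()]
    while stack:
        current = stack.pop()
        if current in seen:          # already expanded: breaks reference loops
            continue
        seen.add(current)
        queries += 1                 # one round trip per nested set
        members = lookup(current)
        if members is None:          # referenced set is not registered
            missing.add(current)
            continue
        for m in members:
            if re.fullmatch(r"AS\d+", m):
                asns.add(int(m[2:]))
            else:                    # nested as-set: expand it later
                stack.append(m)
    return sorted(asns), queries, sorted(missing)

IRR = parse_as_sets(SAMPLE_IRR)      # hypothetical local copy of the objects
```

`expand_as_set("AS-EXAMPLE-CUSTOMERS", IRR.get)` issues one lookup per distinct as-set name, which is the per-set round trip that server-side expansion would remove.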