Securing the BGP or controlling it?

Joe Abley jabley at hopcount.ca
Mon May 10 13:22:15 CDT 2010


On 2010-05-10, at 12:48, Nick Hilliard wrote:

> - there are some endemic data reliability problems with the IRRDBs,
> exacerbated by the fact that on most of the widely-used IRRDBs, there is no
> link between the RIR and the IRRDB, which means that anyone can register
> any address space.  whois.ripe.net doesn't allow this, but lots of other
> IRRDBs do.

The RIPE db doesn't allow that for routes corresponding to address space assigned by the RIPE NCC. For other routes, you can register whatever you want (so long as nobody else got there first).

I'm not complaining about this (I routinely recommend that people use the RIPE db for their non-RIPE address space because as far as I can tell it's about the best-maintained option, and it avoids all kinds of headaches trying to peer in Europe and send routes whose addresses were assigned elsewhere) but in the global context the idea that *everything* in the RIPE db has been subject to strong correlation with assignment/allocation data is false.


Joe


inetnum:      0.0.0.0 - 255.255.255.255
netname:      IANA-BLK
descr:        The whole IPv4 address space
country:      EU # Country is really world wide
org:          ORG-IANA1-RIPE
admin-c:      IANA1-RIPE
tech-c:       IANA1-RIPE
status:       ALLOCATED UNSPECIFIED
remarks:      The country is really worldwide.
remarks:      This address space is assigned at various other places in
remarks:      the world and might therefore not be in the RIPE database.
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    RIPE-NCC-HM-MNT
mnt-routes:   RIPE-NCC-RPSL-MNT
source:       RIPE # Filtered

inet6num:     0::/0
netname:      ROOT
descr:        Root inet6num object
country:      EU
org:          ORG-IANA1-RIPE
admin-c:      IANA1-RIPE
tech-c:       CREW-RIPE
tech-c:       OPS4-RIPE
mnt-by:       RIPE-NCC-HM-MNT
mnt-lower:    RIPE-NCC-HM-MNT
mnt-routes:   RIPE-NCC-RPSL-MNT
status:       ALLOCATED-BY-RIR
remarks:      This network in not allocated.
              This object is here for Database
              consistency and to allow hierarchical
              authorisation checks.
source:       RIPE # Filtered

mntner:         RIPE-NCC-RPSL-MNT
descr:          This maintainer may be used to create objects to represent
descr:          routing policy in the RIPE Database for number resources not
descr:          allocated or assigned from the RIPE NCC.
admin-c:        RD132-RIPE
auth:           MD5-PW $1$ScJSM7nN$Xw3aAduCRZx4QUEq8QjR5/
remarks:        *******************************************************
remarks:        * The password for this object is 'RPSL', without the *
remarks:        * quotes. Do NOT use this maintainer as 'mnt-by'.     *
remarks:        *******************************************************
mnt-by:         RIPE-DBM-MNT
referral-by:    RIPE-DBM-MNT
source:         RIPE # Filtered





More information about the NANOG mailing list