ARIN and the RPKI (was Re: AltDB?)
morrowc.lists at gmail.com
Thu Jan 6 15:06:39 CST 2011
On Thu, Jan 6, 2011 at 2:03 PM, Kevin Oberman <oberman at es.net> wrote:
>> Date: Thu, 06 Jan 2011 14:24:01 +0900
>> From: Randy Bush <randy at psg.com>
>> > I think ACLs here means prefix-lists ... or I hope that's what Randy
>> > meant?
>> sorry. yes, irr based prefix lists. and, sad to say, data which have
>> sucked for 15+ years. i was the poster child for the irr, and it just
>> never took off.
>> [ irr data are pretty bad except for some islands where there is culture
>> of maintining them. and, as it is a global internet, islands don't
>> help much. europe and japan are two islands with better than the
>> average irr data quality. and they have rpki rolling to varied
>> degrees. ]
> The day of reasonable accuracy of the IRR ended when UUnet bought
> ANI. Since ANI actually used the IRR to generate there router configs
> and ANI was pretty big, people were really forced to register. Curtis
> had a lot of excellent software that did all sorts of impressive stuff
> with the IRR, but I guess that all went into the bit bucket when UUnet
> took over.
we did require you to email [email protected] :) that didn't help?
All sed jokes aside, would having attestations that the route you see
is part of a block assigned by IANA to ARIN and from ARIN to UUNET and
from UUNET to JoesCrabShuckers make sense to you? (and to your router
policy provided the router policy engine and code worked)
The efficacy of the IRR isn't at question, the ability to assure with
some level of reasonableness that the thing you see (and eventually
it's path to get to you) is "valid" is what the RPKI system is
> Very, very sad!
(tears were shed)
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman at es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the NANOG