ARIN / RIR Pragmatism (WAS: Re: RADB)

• Previous message (by thread): ARIN / RIR Pragmatism (WAS: Re: RADB)
• Next message (by thread): ARIN / RIR Pragmatism (WAS: Re: RADB)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Oct 25, 2014, at 9:38 PM, Danny McPherson <danny at tcb.net> wrote:

> On 2014-10-24 15:24, Christopher Morrow wrote:
> 
>> it seems to me that there are a couple simple issues with IRR data
>> (historically):
>>  1) no authority for it (really, at least in the ARIN region)
>>  2) no common practice of keeping it updated
>>  3) proxy-registration issues (probably part of cleanup and authority issues)
>>  4) lack of widespread use due to the above issues.
> 
> I think that's a subset of the issues.  Those and others are captured here:
> 
> <https://tools.ietf.org/html/draft-ietf-grow-irr-routing-policy-considerations-05>
> 
> Ironically, many of the issues that lead to decay in IRR use have been resolved, while others exist in RPKI, even.
> 
> Baldur's RIPE IRR point is a fair one and worthy of consideration, I'm all for low-hanging fruit.
> 
>> I was/am hopeful that providing some path from IANA (eventually) on
>> down through RIR to LIR to end-user for 'authority to use' ip
>> resources would help in letting people use the IRR data cleansed of
>> insanity by the data from this path, and then into routers for route
>> filters.
> 
> And datapath filters for inter-domain anti-spoofing, perhaps, as it's largely the same policy (I know there are corner cases people that don't want to do this point out).
> 
>> The RPKI system looks like the path in question, to me.
> 
> I know you're an RPKI fan, I'm at peace with that :-)
> 
> However, unless you can fortify the systems that RPKI (or any other resource certification infrastructure) would inform, operators have little incentive to use it as all the systems that are already deployed and still have to use (e.g., whois, in-addr.arpa, IRR, etc.) still have to be used and managed and operated.   RPKI adds considerable complexity, costs, scaling challenges, new external dependencies, etc..  I actually think it'd have been a challenge to design something _more complicated than RPKI to address the problem space, but that's just me.

I had dinner with Russ and Wes during the LA ICANN meeting, and asked, in passing, whether RPKI conferred any benefits that just throwing appropriate IRR records into a signed in-addr didn’t, and they had an answer in the affirmative, but I can’t remember the details now, because I was jet-lagged and it was in the middle of a conversation about something else.  Russ, Wes, anyone else with an interest, could you explain that again?

                                -Bill




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20141025/c2020a51/attachment.sig>

• Previous message (by thread): ARIN / RIR Pragmatism (WAS: Re: RADB)
• Next message (by thread): ARIN / RIR Pragmatism (WAS: Re: RADB)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]