Theorical question about cyclic dependency in IRR filtering

• Previous message (by thread): Theorical question about cyclic dependency in IRR filtering
• Next message (by thread): Theorical question about cyclic dependency in IRR filtering
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 29, 2021 at 8:14 AM Job Snijders via NANOG <nanog at nanog.org>
wrote:

> Hi Anurag,
>
> Circular dependencies definitely are a thing to keep in mind when
> designing IRR and RPKI pipelines!
>
> In the case of IRR: It is quite rare to query the RIR IRR services
> directly. Instead, the common practise is that utilities such as bgpq3,
> peval, and bgpq4 query “IRRd” (https://IRRd.net) instances at for example
> whois.radb.net and rr.ntt.net. You can verify this with tcpdump. These
> IRRd instances serve as intermediate caches, and will continue to serve old
> cached data in case the origin is down. This phenomenon in the global IRR
> deployment avoids a lot of potential for circular dependencies.
>
> Also, some organisations use threshold checks before deploying new
> IRR-based filters to reduce risk of “misfiring”.
>
>
beyond just 'did the filter deployed change by +/- X%'
you probably don't want to deploy content if you can't actually talk to the
source... which was anurag's proposed problem.

I suppose there are a myriad of actual failure modes though ;) and we'll
always find more as deployments progress... hurray?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211129/b116e799/attachment.html>

• Previous message (by thread): Theorical question about cyclic dependency in IRR filtering
• Next message (by thread): Theorical question about cyclic dependency in IRR filtering
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]