[102750] in North American Network Operators' Group
Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]
daemon@ATHENA.MIT.EDU (Arnd Vehling)
Tue Feb 26 05:12:28 2008
Date: Tue, 26 Feb 2008 11:15:34 +0100
From: Arnd Vehling <av@nethead.de>
To: nanog@merit.edu
In-Reply-To: <alpine.LRH.1.00.0802251457270.15100@netcore.fi>
Errors-To: owner-nanog@merit.edu
Hi,
> In a lot of this dialogue, many say, "you should prefix filter".
> However, I'm not seeing how an ISP could easily adopt such filtering.
>
> Let's consider the options:
[..]
> a) only RIPE IRR uses a sensible security model [1], so if you use
> others, basically anyone can add route objects to the registry.
> How exactly would this model be useful?
[..]
> So, this is no excuse for not doing prefix filtering if you only do
> business in the RIPE region, but anywhere else the IRR data is pretty
> much useless, incorrect, or both.
This is all true and leads us to the question of why ARIN, for example,
DOESN'T USE A SENSIBLE SECURITY MODEL?!!!!

Actually, I have been asking myself this for a couple of years. IMHO ARIN _should_
either improve their RR software or, better, use the RIPE DB software so
ISPs can build prefix-filters for the ARIN region.

So: Why don't they do it?!!!
Arnd