[111875] in North American Network Operators' Group
Re: Global Blackhole Service
daemon@ATHENA.MIT.EDU (Matthew Moyle-Croft)
Sat Feb 14 19:02:54 2009
Date: Sun, 15 Feb 2009 10:32:35 +1030
From: Matthew Moyle-Croft <mmc@internode.com.au>
To: Florian Weimer <fw@deneb.enyo.de>
In-Reply-To: <87k57swsep.fsf@mid.deneb.enyo.de>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Florian Weimer wrote:
> If you want to run a public exchange point, you need to solve the same
> announcement validation problem. Multiple organizations appear to do
> it successfully, so it can't be that difficult.
How exactly do you do "validation"? If I give you a list of ASes and
prefixes, what can you do to validate that they're ones I can actually
announce on behalf of someone else? I can put whatever I want in an
AS-SET (etc) pretty much. How do you actually check that I have the
right relationship with a customer (or customer of a customer of a
customer etc)?

To put it into context - the approach of stuffing other people's ASes in
a path to prevent them learning it is widespread, especially in Asia -
I've seen AS-SETs with all sorts of Tier1/2 ASes even though I know that
they have no transit relationship with them!
MMC
--
Matthew Moyle-Croft - Internode/Agile - Networks
Level 4, 150 Grenfell Street, Adelaide, SA 5000 Australia
Email: mmc@internode.com.au Web: http://www.on.net
Direct: +61-8-8228-2909 Mobile: +61-419-900-366
Reception: +61-8-8228-2999 Fax: +61-8-8235-6909