[134522] in North American Network Operators' Group
Re: ARIN and the RPKI (was Re: AltDB?)
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Thu Jan 6 16:07:27 2011
In-Reply-To: <20110106190330.4FADA1CC3E@ptavv.es.net>
Date: Thu, 6 Jan 2011 16:06:39 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Kevin Oberman <oberman@es.net>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Jan 6, 2011 at 2:03 PM, Kevin Oberman <oberman@es.net> wrote:
>> Date: Thu, 06 Jan 2011 14:24:01 +0900
>> From: Randy Bush <randy@psg.com>
>>
>> > I think ACLs here means prefix-lists ... or I hope that's what Randy
>> > meant?
>>
>> sorry.  yes, irr based prefix lists.  and, sad to say, data which have
>> sucked for 15+ years.  i was the poster child for the irr, and it just
>> never took off.
>>
>> [ irr data are pretty bad except for some islands where there is culture
>>   of maintaining them.  and, as it is a global internet, islands don't
>>   help much.  europe and japan are two islands with better than the
>>   average irr data quality.  and they have rpki rolling to varied
>>   degrees. ]
>
> The day of reasonable accuracy of the IRR ended when UUnet bought
> ANI. Since ANI actually used the IRR to generate their router configs
s/NI/NS/g
> and ANI was pretty big, people were really forced to register. Curtis
s/NI/NS/
> had a lot of excellent software that did all sorts of impressive stuff
> with the IRR, but I guess that all went into the bit bucket when UUnet
> took over.
we did require you to email nacr-list@ :) that didn't help?

All sed jokes aside, would having attestations that the route you see
is part of a block assigned by IANA to ARIN and from ARIN to UUNET and
from UUNET to JoesCrabShuckers make sense to you? (and to your router
policy provided the router policy engine and code worked)

The efficacy of the IRR isn't at question, the ability to assure with
some level of reasonableness that the thing you see (and eventually
its path to get to you) is "valid" is what the RPKI system is
building toward.
-Chris
> Very, very sad!
(tears were shed)
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: oberman@es.net                  Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751
>
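
The attestation chain asked about in the message above (IANA to ARIN to UUNET to JoesCrabShuckers), as an added example that is not part of the original thread or of any RPKI implementation. It models only the resource-containment rule (each holder's block must sit inside its issuer's block) and leaves out the certificate signature checks a real validator performs; the `Delegation` type, the function names and the prefixes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    """One link of the allocation chain: issuer hands prefix to holder."""
    issuer: str
    holder: str
    prefix: str

# Constructed sample chain using benchmark address space (198.18.0.0/15);
# the real blocks behind the names in the thread are not given there.
CHAIN = [
    Delegation("IANA", "ARIN", "198.18.0.0/15"),
    Delegation("ARIN", "UUNET", "198.18.0.0/16"),
    Delegation("UUNET", "JoesCrabShuckers", "198.18.4.0/22"),
]

def _inside(child, parent):
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return child.version == parent.version and child.subnet_of(parent)

def validate_chain(chain, trust_anchor="IANA"):
    """Return (ok, reason). Every link must be issued by the previous holder,
    and its prefix must be contained in the previous link's prefix."""
    if not chain or chain[0].issuer != trust_anchor:
        return False, "chain does not start at the trust anchor"
    parent_holder, parent_net = trust_anchor, None
    for link in chain:
        net = ipaddress.ip_network(link.prefix)
        if link.issuer != parent_holder:
            return False, f"{link.holder}: issued by {link.issuer}, expected {parent_holder}"
        if parent_net is not None and not _inside(net, parent_net):
            return False, f"{link.holder}: {net} is outside issuer block {parent_net}"
        parent_holder, parent_net = link.holder, net
    return True, "ok"

def route_attested(route, chain, trust_anchor="IANA"):
    """True only if the whole chain validates and the announced route falls
    inside the block held by the last holder in the chain."""
    ok, _ = validate_chain(chain, trust_anchor)
    if not ok:
        return False
    return _inside(ipaddress.ip_network(route), ipaddress.ip_network(chain[-1].prefix))

if __name__ == "__main__":
    print(validate_chain(CHAIN))
    print(route_attested("198.18.4.0/24", CHAIN))   # inside the customer block
    print(route_attested("198.18.8.0/24", CHAIN))   # UUNET space, not the customer's
```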