[135418] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jan 24 23:36:27 2011
In-Reply-To: <81DB557A-6336-40AE-9F1A-2E4A2718B1C9@cs.columbia.edu>
Date: Mon, 24 Jan 2011 23:35:46 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Steven Bellovin <smb@cs.columbia.edu>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 24, 2011 at 11:27 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
>
> On Jan 24, 2011, at 10:31 30PM, Christopher Morrow wrote:
>> it's not the best example, but I know that at UUNET there were plenty
>> of examples of the in-addr tree not really following the BGP path.
>>
> The other essential point is that routers don't do RPKI queries in
> real-time; rather, they have a copy of the entire RPKI database, which
> they update as needed. In other words, the operational model doesn't
> fit the way the DNS works.
sure, I was just adding fuel to jabley's in-addr graphing. thinking of
using DNS is tempting, but there seem to be some corner cases that
would cause hackery, so why not try to do it 'right' originally
instead of using that shoe-horn?
-chris
(eh.. for the record, I do participate in the SIDR-wg which is trying
to do this with the rPKI, so I am a little biased I suppose)