[136006] in North American Network Operators' Group
Re: Level 3's IRR Database
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Jan 31 15:19:15 2011
From: Jared Mauch <jared@puck.nether.net>
In-Reply-To: <AANLkTim2ABoNd-seC6pS_sNUCDxeTrabus4r2+0BkE4M@mail.gmail.com>
Date: Mon, 31 Jan 2011 15:19:05 -0500
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: andree@toonk.nl, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 31, 2011, at 3:11 PM, Christopher Morrow wrote:
>> I understand this is by design, but I can imagine some operators will =
be
>> reluctant to actually drop routes when they start testing RPKI =
deployments
>> in their networks.
>=20
> yes, but what is the way forward?
RPKI in my IPv6? :)
Someone is going to be the first person to jump into this sea. It =
continues to be something that I am interested in. If you look at the =
risk to your $dayjob, at minimum you should be looking at RPKI for your =
infrastructure IP space, similar to how you might obtain a certificate =
for your corporate website.
I applaud vendors of hardware and IP services that have managed to do =
BCP-38 type packet filtering. It cleans up the mess others have to see. =
This is the same thing IMHO. We need to keep the routing =
infrastructure secure. This doesn't mean you have to secure your =
network. But I can decide that if you buy into the same security model =
as described via SIDR/RPKI you may obtain better preference in my =
network.
- Jared
