[14447] in North American Network Operators' Group
Re: route ingress
daemon@ATHENA.MIT.EDU (Vadim Antonov)
Tue Dec 30 19:19:09 1997
Date: Tue, 30 Dec 1997 16:13:58 -0800
From: Vadim Antonov <avg@pluris.com>
To: Randy Bush <randy@psg.com>, nanog@merit.edu
> filters are your friend. filters are your friends' friend.
Yes, but centralized database is not the answer. For one, it
is liable to be screwed up completely from time to time (that much,
InterNIC experience shows us). It is expensive to maintain; and
the problem of accuracy of the information within is quite acute.
The political implications of a cenrtalized agency are even worse;
i do not think we want a replay of the domain name debate.
The only real solution is strong cryptographical authentication of
the ownership of routing prefixes. For some reason i do not see
any serious work in that direction being done.
For now, it may be a good idea for tier-1 providers to adhere to a
procedure similar to that used (or used to be used) by Sprint: no
customer routing information is accepted before customer's border
box configuration passed inspection by Sprint staff. No-nos included
unfiltered redistribution of IGP into BGP and lack of anti-transit AS-path
filters.
---vadim
