[150499] in North American Network Operators' Group
Re: do not filter your customers
daemon@ATHENA.MIT.EDU (Randy Bush)
Sat Feb 25 04:53:37 2012
Date: Sat, 25 Feb 2012 15:22:35 +0530
From: Randy Bush <randy@psg.com>
To: Shane Amante <shane@castlepoint.net>
In-Reply-To: <6424C3E0-E806-4789-A2A8-85CE4EAB2A0E@castlepoint.net>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> as would be solving world hunger, war, bad cooking, especially bad
> cooking.
>
> route leaks, as much as i understand them
> o are indeed bad ops issues
> o are not security per se
> o are a violation of business relationshiops
> o and 20 years of fighting them have not given us any significant
> increase in understanding, formal definition, or prevention.
let me try to express how i see the problem. to do this rigorously, i
would need to form the transitive closure of the business policies of
every inter-provider link on the internet.
why i say it is per-link and not just inter-as (which would be hard
enough) is that i know a *lot* of examples where two ass have different
business policies on different links. [ i'll exchange se asian routes
with you in hong kong, but only sell you transit in tokyo. we have two
links in frankfurt, one local peering and one international transit. ]
it is not just one-hop because telstra was 'supposed to' pass some
customers' customers' routes to optus.
i find this daunting. but i would *really* like to be able to
rigorously solve it. please please please explain to me how it is
simpler than this.
randy
