[153390] in North American Network Operators' Group


Re: ROVER routing security - its not enumeration

daemon@ATHENA.MIT.EDU (Randy Bush)
Tue Jun 5 15:42:09 2012

Date: Tue, 05 Jun 2012 12:40:52 -0700
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLabSFkKrapi1Lu82OkqHHwBSLAy04XWWxF13FPaPxjdR2w@mail.gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>> There are a number of operational models that provide the needed
>> routing protection without enumeration.
> I can see a use-case for something like:
>   "Build me a prefix list from the RIR data"

this requires a full data fetch, not doable in dns.

and, at the other end of the spectrum, for any dynamic lookup on
receiving a bgp announcement, the data had best be already in the
router.  a full data set on an in-rack cache will go nuts on any
significant bgp load.  beyond that, you are in non-op space.

randy

