[175611] in North American Network Operators' Group
Re: ARIN / RIR Pragmatism (WAS: Re: RADB)
daemon@ATHENA.MIT.EDU (Bill Woodcock)
Sat Oct 25 09:02:11 2014
X-Original-To: nanog@nanog.org
From: Bill Woodcock <woody@pch.net>
In-Reply-To: <2d985af31ab9cf2390fc99ea7d1c3e85@tcb.net>
Date: Sat, 25 Oct 2014 22:01:56 +0900
To: Danny McPherson <danny@tcb.net>, Wes Hardaker <hardaker@tislabs.com>,
Russ Mundy <mundy@tislabs.com>
Cc: nanog list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Oct 25, 2014, at 9:38 PM, Danny McPherson <danny@tcb.net> wrote:
> On 2014-10-24 15:24, Christopher Morrow wrote:
>
>> it seems to me that there are a couple simple issues with IRR data
>> (historically):
>> 1) no authority for it (really, at least in the ARIN region)
>> 2) no common practice of keeping it updated
>> 3) proxy-registration issues (probably part of cleanup and authority issues)
>> 4) lack of widespread use due to the above issues.
>
> I think that's a subset of the issues. Those and others are captured here:
>
> <https://tools.ietf.org/html/draft-ietf-grow-irr-routing-policy-considerations-05>
>
> Ironically, many of the issues that led to decay in IRR use have been resolved, while others exist in RPKI, even.
>
> Baldur's RIPE IRR point is a fair one and worthy of consideration, I'm all for low-hanging fruit.
>
>> I was/am hopeful that providing some path from IANA (eventually) on
>> down through RIR to LIR to end-user for 'authority to use' ip
>> resources would help in letting people use the IRR data cleansed of
>> insanity by the data from this path, and then into routers for route
>> filters.
>
> And datapath filters for inter-domain anti-spoofing, perhaps, as it's largely the same policy (I know there are corner cases people that don't want to do this point out).
>
>> The RPKI system looks like the path in question, to me.
>
> I know you're an RPKI fan, I'm at peace with that :-)
>
> However, unless you can fortify the systems that RPKI (or any other resource certification infrastructure) would inform, operators have little incentive to use it as all the systems that are already deployed and still have to use (e.g., whois, in-addr.arpa, IRR, etc.) still have to be used and managed and operated. RPKI adds considerable complexity, costs, scaling challenges, new external dependencies, etc. I actually think it'd have been a challenge to design something _more complicated than RPKI to address the problem space, but that's just me.

I had dinner with Russ and Wes during the LA ICANN meeting, and asked, in passing, whether RPKI conferred any benefits that just throwing appropriate IRR records into a signed in-addr didn't, and they had an answer in the affirmative, but I can't remember the details now, because I was jet-lagged and it was in the middle of a conversation about something else. Russ, Wes, anyone else with an interest, could you explain that again?

-Bill