[29451] in North American Network Operators' Group
Re: using IRR tools for BGP route filtering
daemon@ATHENA.MIT.EDU (Jeff Haas)
Fri Jun 23 15:41:32 2000
Date: Fri, 23 Jun 2000 15:39:23 -0400
From: Jeff Haas <jeffhaas@merit.edu>
To: Mark Borchers <markb@infi.net>
Cc: nanog@merit.edu
Message-ID: <20000623153923.A18769@vorlon.merit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <200006231756.NAA00246@ns2.harpweek.com>; from Mark Borchers on Fri, Jun 23, 2000 at 12:56:32PM -0500
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Jun 23, 2000 at 12:56:32PM -0500, Mark Borchers wrote:
> Are there any plans to correlate route registry objects against
> address registry databases?
Yes. RFC 2725 - Routing Policy System Security.
This will provide an authorization mechanism for delegation of
objects. This includes provisions for "unauhorized" (private)
data in the IRR - its simply tagged differently.
> I believe that one of the roots of this thread is the need to validate
> the legitimacy of not only routes, but registered route objects.
Oh believe me, we know. :-)
> Although it is too much to expect that route objects will match up
> cleanly with address block assignments at the outset, performing
> such a correlation would at least identify the scope of the problem.
I've had some initial conversations with ARIN on getting SWIP information
published in RPSL format (as inet-num objects) minus the contact
information. Now if someone has an idea for how to represent
allocation lengths for the IP registries in an inet-num object,
I think we can make a lot of people happy.
We will also be talking to RIPE and APNIC about this as work progresses.
> Mark Borchers Splitrock Services
--
Jeffrey Haas - Merit RSng project - jeffhaas@merit.edu
