[99928] in North American Network Operators' Group


Re: How Not to Multihome

daemon@ATHENA.MIT.EDU (Leo Vegoda)
Tue Oct 9 13:50:51 2007

In-Reply-To: <8CAC0637-35F9-451C-8E0A-58DDBD361566@nosignal.org>
Cc: Keegan.Holley@sungard.com, nanog list <nanog@merit.edu>
From: Leo Vegoda <leo.vegoda@icann.org>
Date: Tue, 9 Oct 2007 19:48:35 +0200
To: Andy Davidson <andy@nosignal.org>
Errors-To: owner-nanog@merit.edu


On 9 Oct 2007, at 17:47, Andy Davidson wrote:

[...]

> However, if a different third-party network then sweeps up their  
> routing table by looking to remove more specifics that seem  
> 'spoofed' using IRR data, the routes you intend to push onto the  
> internet may well start to disappear from their perspective.

I don't think this should be possible if the database implements RPSS  
(RFC 2725) properly. I believe that it should only be possible to  
create a more specific route object with the agreement using whatever  
PGP/X.509 security you like if you have used mnt-lower and mnt-routes  
attributes as appropriate.

I'm not sure I'd want to publish my routing policy in a database that  
didn't have a reasonable implementation of RPSS.

Leo
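
Added example, not part of the message above: a simplified Python model of the RFC 2725 check it refers to, in which a more specific route object is accepted only when the submitter authenticates as a maintainer named by the covering route object and as one named by the origin aut-num. The objects, maintainer names and the mnt-routes / mnt-lower / mnt-by precedence as coded here are assumptions of the example; the inetnum fallback and prefix-range qualifiers are left out.

```python
import ipaddress

# Constructed sample objects; prefixes, AS numbers and maintainers are placeholders.
ROUTES = [
    {"route": "192.0.2.0/24", "origin": "AS64500",
     "mnt-by": ["MNT-HOLDER"], "mnt-lower": ["MNT-HOLDER"],
     "mnt-routes": ["MNT-HOLDER", "MNT-CUSTOMER"]},
]
AUT_NUMS = {
    "AS64500": {"mnt-by": ["MNT-HOLDER"]},
    "AS64511": {"mnt-by": ["MNT-CUSTOMER"]},
    "AS64496": {"mnt-by": ["MNT-THIRDPARTY"]},
}

def authorising_mntners(obj):
    """Assumed precedence: mnt-routes, then mnt-lower, then mnt-by."""
    for attr in ("mnt-routes", "mnt-lower", "mnt-by"):
        if obj.get(attr):
            return set(obj[attr])
    return set()

def covering_route(prefix):
    """Longest existing route object that is strictly less specific than prefix."""
    net = ipaddress.ip_network(prefix)
    covers = []
    for r in ROUTES:
        parent = ipaddress.ip_network(r["route"])
        if net != parent and net.subnet_of(parent):
            covers.append((parent.prefixlen, r))
    return max(covers, key=lambda c: c[0], default=(None, None))[1]

def may_create_route(prefix, origin, authenticated):
    """authenticated: maintainers whose PGP/X.509 credential verified."""
    parent = covering_route(prefix)
    aut_num = AUT_NUMS.get(origin)
    if parent is None or aut_num is None:
        return False  # this model has no inetnum fallback
    addr_ok = bool(authorising_mntners(parent) & set(authenticated))
    as_ok = bool(authorising_mntners(aut_num) & set(authenticated))
    return addr_ok and as_ok  # both address and AS holders must agree

if __name__ == "__main__":
    print(may_create_route("192.0.2.128/25", "AS64511", {"MNT-CUSTOMER"}))
    print(may_create_route("192.0.2.128/25", "AS64496", {"MNT-THIRDPARTY"}))
```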
