On Fri, Feb 24, 2012 at 3:59 PM, Leo Bicknell <bicknell@ufp.org> wrote:
In a message written on Fri, Feb 24, 2012 at 01:04:20PM -0700, Shane Amante wrote:
Solving for route leaks is /the/ "killer app" for BGPSEC. I can't understand why people keep ignoring this.
Not all "leaks" are bad.
I remember when there was that undersea landside in Asia that took out a bunch of undersea cables. Various providers quickly did mutual transit and other arrangements to route around the problem, getting a number of things back up quite quickly. These did not match IRR records though, and likely would not have matached BGPSEC information, at least not initially.
well.... for bgpsec so if the paths were signed, and origins signed, why would they NOT pass BGPSEC muster? I can see that if the IRR data didn't match up sanely prefix-lists/filters would need some cajoling, but that likely happened anyway in this case. -chris