At 04:13 PM 12/30/97 -0800, Vadim Antonov wrote:
filters are your friend. filters are your friends' friend.
Yes, but centralized database is not the answer. For one, it is liable to be screwed up completely from time to time (that much, InterNIC experience shows us). It is expensive to maintain; and the problem of accuracy of the information within is quite acute. The political implications of a cenrtalized agency are even worse; i do not think we want a replay of the domain name debate.
The only real solution is strong cryptographical authentication of the ownership of routing prefixes. For some reason i do not see any serious work in that direction being done.
For now, it may be a good idea for tier-1 providers to adhere to a procedure similar to that used (or used to be used) by Sprint: no customer routing information is accepted before customer's border box configuration passed inspection by Sprint staff. No-nos included unfiltered redistribution of IGP into BGP and lack of anti-transit AS-path filters.
Vadim, Your policy above is unwise from the perspective that it seems to believe that configuration errors are a one time problem. A more reasonable policy is to help your customers learn how to setup filters properly, and then filter heavily on /your/ router to make certain hat no matter what they do they can't effect either your internal, or external routing. ************************************************************** Justin W. Newton voice: +1-650-482-2840 Senior Network Architect fax: +1-650-482-2844 PRIORI NETWORKS, INC. http://www.priori.net Legislative and Policy Director, ISP/C http://www.ispc.org "The People You Know. The People You Trust." **************************************************************