Danny McPherson wrote:
On Aug 14, 2008, at 1:09 PM, Jared Mauch wrote:
You're missing a step:
janitor.
No really, the reason for some leaks isn't because so-and-so was never a customer, they were. 5 years ago. nobody removed the routes from the IRR or AS-SET or <insert method here> and now the route is learned via some other location and it's bypassed your perimiter security and infiltrated your BGP.
I agree, how many of you folks that use IRRs have ever deleted an IRR object? Heck, some ISPs even add them based on existence of advertised routes.
Agree, IRR objects do get dirty and require cleaning up, The company I work for makes a good effort at this which starts by measuring how dirty they are: http://noc.eu.clara.net/routing.php The problem is caused by a combination of both us and our downstreams not cleaning properly. Over the past few months I've been working on a personal project to clean our IRR objects by making the system which generates them talk closer to the system which bills people. (*) Part of this work has meant going through the pain of providing an internal WHOIS service since we decided that it was the best way of storing data without re-inventing the wheel. This said, if you are not using IRR (at least for your customers) then PLEASE START DOING SO, you'll have plenty of time to worry about keeping it up to date once you can get you or your organisation to grips with it. Dave. * if you are interested you can compare AS-CLARANET macro in the ripedb with AS-CLARANET macro in the ripe testdb (test-whois.ripe.net), This object will launch in the next few weeks.
-danny