On Monday, Apr 14, 2003, at 11:31 Canada/Eastern, Russell Heilling wrote:
Enforcement by upstream was actually what I meant here. Defined standards and a good set of tools to build filters will lead to more people building filters based on registered policy, which should force people to overcome laziness and to keep things up to date.
At the moment, if some customer wants to announce some non-PA block of addresses to their ISP they probably have some ISP-specific, manual, support-based procedure to wade through, during which there is at least a passing chance that some ISP engineer will check to see that the block to be announced looks plausibly legitimate. I have had dealings with a number of ISPs who do fairly exhaustive checking, down to requiring the RIR-tagged administrative contact to fax authorisation for them to accept and propagate the route. On the other hand, if all ISPs blindly believe what customers tell them just because the customers are telling them via the IRR, there is a much greater chance of mess, both accidental and malicious. I guess as an ISP you could accommodate both by using a customer import policy like aut-num: AS9327 import: from AS9327:AS-CUST-SET action pref=100; accept AS9327:AS-CUST-SET AND (AS9327:AS-CUST-VERIFIED OR AS9327:RS-CUST-VERIFIED); to choose the intersection of whatever CUST thinks they should be able to announce with what you have verified CUST should be able to announce. But how many people do that? It seems more common for IRR-builders to say "what's your macro?" and blindly trust it. Maybe I'm missing something. Joe