On Feb 26, 2008, at 1:07 PM, Steve Gibbard wrote:
As far as I can piece together from what's been reported and argued here, there were three responsible parties: The Pakistani Government who ordered YouTube blocked, Pakistan Telecom who implemented a lawful order but overshot their government's jurisdiction, and PCCW who accepted the announcements and passed them on to the world.
This sure sounds a lot like tragedy of the commons... To say these guys should have done X, Y, and Z - and not made a mistake - so that I don't have to better protect myself and my customers sure seems a bit disingenuous to me. AND do tell yourself that tomorrow when the next malicious OR inadvertent route announcement occurs and breaks something else folks seems to care about. While I agree with Jared's basic NVRAM point, I'm not particularly sympathetic to it anymore. There's nothing stopping any provider today from implementing more explicit policy sets, at both the customer edge, and the inter-provider edge. And by more explicit I don't mean trivial AS path policies, I mean prefix-based policies derived from AS-MACRO style data. Sure, operators would have to start employing IRRs, and IRRs would have to start ensuring more secure infrastructure exists, and configurations would need to be touched more often, and router vendors would need additional incremental scale, but the basic infrastructure is there -- it's just become particularly dusty over the past decade. The fact is that employment of explicit inter-domain prefix filtering seems to only be deteriorating from where it was 15 years ago is telling, and I think folks have become lazy and accepting, even as more and more critical infrastructure and services require an available and accurate routing system. IMO, the onus is on the operators to step up... -danny