On Mon, Jan 24, 2011 at 11:27 PM, Steven Bellovin <smb@cs.columbia.edu> wrote:
> On Jan 24, 2011, at 10:31 30PM, Christopher Morrow wrote:
>> it's not the best example, but I know that at UUNET there were plenty of examples of the in-addr tree not really following the BGP path.
>
> The other essential point is that routers don't do RPKI queries in real-time; rather, they have a copy of the entire RPKI database, which they update as needed. In other words, the operational model doesn't fit the way the DNS works.

sure, I was just adding fuel to jabley's in-addr graphing. thinking of using DNS is tempting, but there seem to be some corner cases that would cause hackery, so why not try to do it 'right' originally instead of using that shoe-horn?

-chris
(eh.. for the record, I do participate in the SIDR-wg which is trying to do this with the rPKI, so I am a little biased I suppose)
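
The operational model from the quoted message (the router holds a full local copy of the RPKI data, updates it as needed, and never queries at route-processing time), as an added example that is not part of the original thread. The class and function names, the serial-numbered delta scheme and the sample prefixes and ASNs (documentation ranges) are assumptions; the three validation outcomes follow RFC 6811.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VRP:
    """One validated ROA payload: prefix, max length, authorised origin AS."""
    prefix: ipaddress.IPv4Network
    max_len: int
    asn: int

def vrp(prefix, max_len, asn):
    return VRP(ipaddress.IPv4Network(prefix), max_len, asn)

class LocalRpkiCache:
    """Hypothetical router-side copy of the RPKI data (IPv4 only here)."""
    def __init__(self):
        self.serial = 0
        self.vrps = set()

    def apply_delta(self, serial, announce=(), withdraw=()):
        # "Update as needed": take only the changes since our last serial.
        if serial != self.serial + 1:
            raise ValueError("serial gap: reload the full data set")
        self.vrps = (self.vrps - set(withdraw)) | set(announce)
        self.serial = serial

    def validate(self, prefix, origin_asn):
        # Purely local lookup: no network query at route-processing time.
        route = ipaddress.IPv4Network(prefix)
        covered = False
        for v in self.vrps:
            if route.subnet_of(v.prefix):
                covered = True
                if (route.prefixlen <= v.max_len
                        and v.asn != 0 and v.asn == origin_asn):
                    return "valid"
        return "invalid" if covered else "not-found"

def demo():
    # Constructed sample data: documentation prefixes and ASNs.
    cache = LocalRpkiCache()
    roa = vrp("198.51.100.0/24", 24, 64496)
    cache.apply_delta(1, announce=[roa])
    before = [cache.validate("198.51.100.0/24", 64496),    # exact match
              cache.validate("198.51.100.0/24", 64511),    # wrong origin
              cache.validate("198.51.100.128/25", 64496),  # too specific
              cache.validate("203.0.113.0/24", 64496)]     # no covering VRP
    cache.apply_delta(2, withdraw=[roa])
    return before, cache.validate("198.51.100.0/24", 64496)

if __name__ == "__main__":
    print(demo())
```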