On Thu, Mar 28, 2013 at 1:07 PM, Jay Ashworth <jra@baylink.com> wrote:
My understanding has always been different from that, based on the idea that the carrier to which a customer connects is the only one with which that end-site has a business relationship, and therefore (frex), the only one whom that end-site could advise that they believe they have a valid reason to originate traffic from address space not otherwise known to the carrier; jack-leg dual-homing, for example, as was discussed in still a third thread this week.
Hi Jay, There's a two part heirarchy of contracts involved in every legitimate end-to-end communication which occurs over the Internet, right? You buy service from someone who buys service on your behalf from someone who buys service on his behalf from someone. The other endpoint does the same, starting with his ISP. The contract hierarchies meet at the top, either with a single backbone ISP or with a pair of backbone ISPs who do settlement-free peering with each other. So, you represent to your ISP that you're authorized to use a certain range of addresses. He represents to his upstream that he's authorized to use them on your behalf, and so on. The reliability of these representations obviously falls at they grow distant from the source. So what? That's a problem for RPKI. The problem we need concern ourselves with is dropping packets whose source addresses are inconsistent with our customer's _representation_ of the addresses he's authorized to originate, however reliable or unreliable that representation may turn out to be. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004