On Wed, Apr 19, 2000 at 04:48:14PM +0100, Mike Hughes wrote:
Yep, sure, you can be confidential about where you interconnect, at what speed and choice of media, should you choose. But, you can't be confidential about who you are peering with, because the RA/RIPE will tell anyone with a bit of clue.
Only if people register correct information. Even with the coming implementation of the RPSL Security RFC, nothing can be done about representations for import and export policies in the aut-num objects. The best you can do is note inconsistant policy and trust things a bit more if the policy is consistant. A better indication comes from browsing the AS Paths available in the global BGP. While it is technically possible (shudder) to forge information in the AS Path, this is the best indication of where two AS's have an adjacency. Of course, it doesn't say anything about where that adjacency is. FWIW, RPSL makes it easier than RIPE-181 to specify exceptions to your global policy at particular interfaces. However, most people that register in the public IRR do so to disclose global policy rather than per-router policy. Its nice to see that various parties are documenting operationally useful things in the IRR, such as community strings. I would be slighly surprised if these types of AS regex's are actually used in practice (not to pick on Exodus): import: from AS3967 accept <^AS-EXODUS*$> AND NOT {0.0.0.0/0} Regex matching can be quite processor intensive, and as-exodus isn't small.
Mike
-- Jeffrey Haas - Merit RSng project - jeffhaas@merit.edu