I suspect the right thing to do is to ask why soBGP and sBGP have failed? And yes, they've failed. Just like DNSSEC, we aren't seeing even limited adoption. Why? Too complex, too many moving parts, too much reliance on iffy third parties and requires mass adoption.

I suggest that the community finds something that gives us most of what we want, is simple to understand, and can be implemented in a piece-wise fashion. Look at SPF - not perfect, but certainly useful. It is simple, easy to implement, and IS being implemented.

One of the Internetworking community's biggest problems is a fixation on the perfect solution. It's natural - we're engineers, after all. We want an elegant 100% solution to our ills. This often leads to something that never gets implemented in real life.

Why not do something simple? The in-addr.arpa reverse delegation tree is pretty accurate. We use it for lots of different things. Why not just give IP address blocks a new RR (or use a TXT record) to identify ASN? This solves the biggest problem we have right now, which is stealing of address blocks. It requires little processor overhead, and only a few additional DNS lookups. It's reasonably foolproof.

Why create reliance on more databases? The RIRs are iffy. We rely on DNS right now. Why not keep relying on it?

This solution doesn't solve all of our problems, but it does help, it's easy, and people will implement it.

Ok, please start flaming now :)

- Dan

On 5/23/05 1:45 PM, "bmanning@vacation.karoshi.com" <bmanning@vacation.karoshi.com> wrote:
for the old-timers.... this is not quite sBGP or soBGP, but does have many of the desirable traits.... for the new kids on the block, if ISPs want to do this, it's something they can do themselves, w/o centralized coordination, on an incremental basis.
http://www.isoc.org/inet98/proceedings/6h/6h_3.htm
--bill
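
A sketch of the origin check proposed in the reply above (an ASN published in the in-addr.arpa tree and compared with the origin AS of an announcement), added here as an example and not part of either message. The `asn=<number>` TXT format, the function names and the sample zone are assumptions; an in-memory dict stands in for real DNS lookups, and only octet-boundary names are consulted.

```python
import ipaddress

# Constructed sample reverse-zone data (documentation prefixes, private-use ASNs).
# The "asn=" TXT format is an assumption; the message does not define one.
SAMPLE_ZONE = {
    "2.0.192.in-addr.arpa.": ["asn=64500"],
    "100.51.198.in-addr.arpa.": ["asn=64501", "asn=64502"],  # multi-origin block
}

def sample_lookup(name):
    """Stand-in for a DNS TXT query: returns the TXT strings at a name."""
    return SAMPLE_ZONE.get(name, [])

def reverse_names(prefix):
    """Yield in-addr.arpa names covering an IPv4 prefix, most specific first."""
    net = ipaddress.ip_network(prefix, strict=True)  # rejects host bits set
    if net.version != 4:
        raise ValueError("only IPv4 is handled in this sketch")
    octets = str(net.network_address).split(".")
    # Only whole octets map onto labels in the reverse tree, so a /22 or /25
    # is checked against the enclosing /16 or /24 name and its parents.
    for n in range(net.prefixlen // 8, 0, -1):
        yield ".".join(reversed(octets[:n])) + ".in-addr.arpa."

def authorized_asns(prefix, lookup_txt):
    """Return ASNs from the closest covering name that publishes any, else None."""
    for name in reverse_names(prefix):
        asns = set()
        for txt in lookup_txt(name):
            key, _, value = txt.partition("=")
            if key.strip().lower() == "asn" and value.strip().isdecimal():
                asns.add(int(value))
        if asns:
            return asns
    return None

def check_origin(prefix, origin_asn, lookup_txt):
    """Classify an announcement: 'match', 'mismatch', or 'unknown' (no record)."""
    asns = authorized_asns(prefix, lookup_txt)
    if asns is None:
        return "unknown"  # incremental deployment: most blocks publish nothing
    return "match" if origin_asn in asns else "mismatch"
```

Treating "unknown" separately from "mismatch" is what lets a check like this be deployed piecemeal: only blocks whose holders have published a record can ever produce a mismatch.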