RE: updating bogon filters for 83/8 and 84/8
Sean Donelan wrote: Don't forget about the other half of the problem. ISPs need to verify the network announcements by their downstream BGP networks.
Indeed, and it is clear to me that the future solution is some kind of a certificate or something that can authenticate the block being advertised. However, we're not there yet.
Eventually most of the current "bogons" will be assigned, and bogon filters will continue to be less and less useful.
Indeed. I will point out two things though: 1. This is in 10+ years, likely. Nobody really knows when, one of the reasons being: 2. As we allocate new blocks, part of them is for new use and part of them is used to replace existing assignments. In this very case, at least one of the ISPs concerned is getting a single new block and releasing a bunch of other smaller blocks to RIPE. So we are actually seing defragmentation of the routing table, which is good for everyone. This leads to pushing back even further the exhaustion of space, because we are allocating new space now but the space being freed by new allocations that consolidate several blocks will be made available only later. Since everyone is gaining routing table size reduction in this deal, we must encourage all that are willing to consolidate, and part of this is removing the current inconvenience brought by slow updates of the bogon filters, which in turn means more automation.
On the other hand, positive verification will continue to improve the stability of the network.
Which is why the mechanism we are recommending is not limited to bogons but targeted at more generic prefix filtering. http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt Michel.
participants (1)
-
Michel Py