amb@gxn.NET (Alex Bligh) writes:
Transits - I did a survey on NANOG a few months ago as to who filtered and how (both peers and customers). About 50% of those who replied used RADB or another similar database (possibly their own, like CA*NET, MCI/CW, Level3 etc.) for filtering either peers or customers. However, I suspect this number is heavilly skewed in favour of vocal NANOG people who like IRRs. Filtering customers was way more prevalent than filtering peers.
I had asked if the routing registries had become irrelevant with the end of ANS. Alex's survey indicated some possibly influential networks still filtered based on the contents of the IRR-like databases. Although it doesn't affect Alex, April 15th is a date which means something to about 40 million Americans. Tax forms are due today. The IRS web site www.irs.gov is based at IP address 192.239.92.47. What's interesting is the lack of correct information about this address in the IRR databases which makes it very difficult for any network service provider to verify the correct source of this route announcement. 192.239.92.47 is announced by NTIS's ASN 10616 via UUNET ASN 701. I could not find a valid aut-num object for ASN 10616, and the covering route object for 192.239.92.47 was an old SURANET/BBN block for 192.239/16 indicating a source AS 1. The lack of correct current routing registry information for the IRS web site doesn't seem to have hurt its connectivity. Other the other hand, it also wouldn't hurt the connectivity of someone impersonating the IRS web site network route. The rest of the Internet just has to take the routes on faith. -- Sean Donelan, Data Research Associates, Inc, St. Louis, MO Affiliation given for identification not representation
Sean Donelan wrote:
192.239.92.47 is announced by NTIS's ASN 10616 via UUNET ASN 701. I could not find a valid aut-num object for ASN 10616, and the covering route object for 192.239.92.47 was an old SURANET/BBN block for 192.239/16 indicating a source AS 1.
This is reasonably typical ...
The lack of correct current routing registry information for the IRS web site doesn't seem to have hurt its connectivity. Other the other hand, it also wouldn't hurt the connectivity of someone impersonating the IRS web site network route. The rest of the Internet just has to take the routes on faith.
Don't let a route being registered in one of the routing registries lull you into a false sense of security (sic), there is zero to very little real authentication done on a route registration. It only takes an ounce (or less) knowledge to register a route as being originated from any AS. Do I think this is a real problem? It hasn't been so far, probably due to our cooperative and trusting nature >;). I think it would take quite some resources and reputation killing stupidity (or malice) to inject 'illegal' routes and then do something meaningful with them. -Steve
Sean, SEAN@SDG.DRA.COM said:
The lack of correct current routing registry information for the IRS web site doesn't seem to have hurt its connectivity. Other the other hand,
Of course not. My point was about transits filtering *customers* by IRR If transits are only filtering their *customers* not their peers by IRR, connectivity will only be affected if the IRS's *upstream* uses the IRR. AS701 does not use the IRR AFAIR. Also those who filter *peers* by IRR normally only filter smaller peers, it would seem. I know of noone who filters AS701 by IRR. -- Alex Bligh GX Networks (formerly Xara Networks)
* I'm getting subliminal messages ... that you guys are worried about filing your taxes late. SO you are trying to figure out how to spoof the IRS's routing announcements so that you can send yourselves an email from the IRS saying "Don't worry, don't pay your taxes this year, you are exempt because you are such a nice person". ;-) At 04:40 PM 4/15/99 +0200, you wrote:
Sean,
SEAN@SDG.DRA.COM said:
The lack of correct current routing registry information for the IRS web site doesn't seem to have hurt its connectivity. Other the other hand,
Of course not. My point was about transits filtering *customers* by IRR If transits are only filtering their *customers* not their peers by IRR, connectivity will only be affected if the IRS's *upstream* uses the IRR. AS701 does not use the IRR AFAIR.
Also those who filter *peers* by IRR normally only filter smaller peers, it would seem. I know of noone who filters AS701 by IRR.
-- Alex Bligh GX Networks (formerly Xara Networks)
--- Alan Spicer (NIC Handle: AGS14) Systems Administration - Tech Support www.eBIZnet.com,inc.
Of course not. My point was about transits filtering *customers* by IRR If transits are only filtering their *customers* not their peers by IRR, connectivity will only be affected if the IRS's *upstream* uses the IRR. AS701 does not use the IRR AFAIR.
Thats because UUNET are world leaders at not playing ball. They are the "World Series" of ISPs. Regards, Neil. -- Neil J. McRae - Alive and Kicking. neil@DOMINO.ORG
participants (5)
-
Alan Spicer
-
Alex Bligh
-
Neil J. McRae
-
Sean Donelan
-
Steve Carter