On Sep 29, 2011, at 9:06 AM, Leo Bicknell wrote:

> Seriously, show me an algorithm to find a leak for an Anycast service
> that does not require any pre-knowledge about how the Anycast service is
> configured. I submit such a thing does not exist.

I never said "does not require any pre-knowledge". As a matter of fact, what I said, and what the draft says, is that with unique origins the services operator _could_ publish in a well-known location a list of origin ASNs for a given prefix and the feasible adjacent upstreams for each ASN. With that information network operators can make informed decisions about the legitimacy of a new path in the routing system for a critical Internet services prefix.

Today, a prefix and common origin can appear from anywhere and network operators have no indication of whether it is feasible or not (I know of at least two occurrences of this that have impacted consumers), and operators have very little to inform them as to how to detect rogue nodes or malicious paths, and nothing to apply policy to a path known to be undesirable, or how to determine if a new node is legitimate or not.

These static policies in no way provide the long-term fix, but in the interim they provide a routing system discriminator and visibility to operators.

If you don't believe a discriminator in the routing system for anycasted prefixes is useful, well, duly noted.

-danny

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
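
As an added illustration (not part of the original message or of the draft it refers to): a check an operator could run on an observed AS path against a published list of origin ASNs and feasible adjacent upstreams, as described in the reply above. The policy layout, the function names, and the prefix and ASNs (documentation ranges) are assumptions constructed for this example.

```python
# Added illustration. The policy format, prefix and ASNs are constructed
# (documentation ranges); they are not taken from the draft.

# prefix -> {origin ASN -> set of feasible adjacent upstream ASNs}
PUBLISHED_POLICY = {
    "192.0.2.0/24": {
        64496: {64500, 64501},   # anycast node 1 and its upstreams
        64497: {64502},          # anycast node 2 and its upstream
    },
}


def collapse_prepends(as_path):
    """Drop consecutive duplicate ASNs introduced by AS-path prepending."""
    collapsed = []
    for asn in as_path:
        if not collapsed or collapsed[-1] != asn:
            collapsed.append(asn)
    return collapsed


def classify_path(prefix, as_path, policy=PUBLISHED_POLICY):
    """Classify an observed path (nearest AS first, origin AS last)."""
    origins = policy.get(prefix)
    if origins is None:
        return "no-policy"            # operator published nothing for this prefix
    path = collapse_prepends(as_path)
    if not path:
        return "empty-path"
    origin = path[-1]
    if origin not in origins:
        return "unlisted-origin"      # origin ASN is not on the published list
    if len(path) == 1:
        return "feasible"             # learned directly from a listed origin
    if path[-2] not in origins[origin]:
        return "infeasible-upstream"  # listed origin, unexpected adjacency
    return "feasible"


if __name__ == "__main__":
    # Constructed sample observations for the same prefix.
    observed = [
        [64510, 64500, 64496, 64496],  # prepended, listed upstream
        [64510, 64502, 64496],         # upstream belongs to another node
        [64510, 64500, 64499],         # origin not published
    ]
    for path in observed:
        print(path, "->", classify_path("192.0.2.0/24", path))
```
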
