At 11:29 AM -0600 3/11/08, Danny McPherson wrote:
>On Mar 11, 2008, at 9:07 AM, Stephen Kent wrote:
>>
>>The proposal for dealing with stale data (as reflected in the 
>>manifest I-D) is to continue to use what you have. Thus the 
>>concerns you cite about what happens if anyone (IR or ISP) fails to 
>>publish data are not all valid ones. It is fair to note that new or 
>>changed data that is not published, or that is not fetched in a 
>>timely fashion, could cause ISPs to reject routes based on such 
>>changes. Unfortunately, without making changes to BGP to carry such 
>>data, or providing some parallel distribution mechanism that is 
>>similarly timely, ...
>
>So to be clear, I didn't intend to propose a web of trust model, although
>after rereading my text from earlier, my point wasn't clear.  I was simply
>pointing out that with a model such as what's currently proposed RIRs
>would have a VERY operational role and some authority about what gets
>routed and what does not.  This is a fundamental change from how things
>work today, where things more approximate a web of trust model - if
>any.
>
>-danny

Danny,

OK, thanks for the clarification.

If nobody checks announcements against any reference(s), then the 
system can be very responsive, but also vulnerable. I am told that 
some set of ISPs download IRR data from multiple sources, on a daily 
basis, and use that data in constructing router filters. For those 
ISPs, route object info changes that are missed in a periodic 
download can result in the sort of problems you cite. For the ISPs 
who adopt this model, this appears to be an acceptable, if imperfect, 
tradeoff. Nobody can mandate that all ISPs make use of ROA, BOA, and 
other data that will become available from the SIDR work. If enough 
folks find it useful, then presumably it will be used, otherwise not. 
Also, the static distribution of info via a repository system is not 
the ultimate goal of the SIDR work, just the starting point.

Steve
_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
