On Tue, 11 Mar 2008, Shane Amante wrote:
> Sandy, > > Sandra Murphy wrote: >> >> On Tue, 11 Mar 2008, Danny McPherson wrote: >> >>> On Mar 11, 2008, at 9:07 AM, Stephen Kent wrote: >>>> The proposal for dealing with stale data (as reflected in the >>>> manifest I-D) is to continue to use what you have. Thus the concerns >>>> you cite about what happens if anyone (IR or ISP) fails to publish >>>> data are not all valid ones. It is fair to note that new or changed >>>> data that is not published, or that is not fetched in a timely >>>> fashion, could cause ISPs to reject routes based on such changes. >>>> Unfortunately, without making change to BGP to carry such data, or >>>> providing some parallel distribution mechanism that is similarly >>>> timely, ... >>> So to be clear, I didn't intend to propose a web of trust model, >>> although >>> after rereading my text from earlier, my point wasn't clear. I was >>> simply >>> pointing out that with a model such as what's currently proposed RIRs >>> would have a VERY operational role and some authority about what gets >>> routed and what does not. This is a fundamental change from how things >>> work today, where things more approximate a web of trust model - if >>> any. >> >> I understand that the effect of RIRs on routing will be more apparent, but >> I don't understand saying they have no impact today. >> >> For RIRs whose database is a comingled resource and routing database (e.g., >> RIPE), a billing dispute can effect the RIPE IRR which many people use in >> routing operations. And the whois is also frequently consulted in making >> routing decisions. > > I think you may be confusing "registration services", (e.g.: acquiring & > registering PI space and/or ASN's), vs. IRR -- Internet Routing Registries. > The IRR's directly affect routing policy on ISP networks, because SP's build > prefix, etc. filters off them. And, nearly all IRR's are *free* to the > public, specifically: ARIN, RIPE (according to info publicly available on > their Web sites) ... even Level 3. Thus, non-payment for "registration > services" (not IRR services) is going to have little to no impact on routing > policy on provider's networks. > I understand the difference. However, ARIN looks to see if the registrant of a inetnum in their IRR is the same person as the POC for the allocated resource, as the authorization to register the inetnum. So I have extrapolated from there to the belief that if they yank your resource they would yank the associated inetnum. (If they didn't, it would be a bad thing that should be fixed.) And RIPE has a co-mingled registry/routing policy database. Their representation of a registry allocation of space is the inetnum (as I understand their database). So yanking an address means the inetnum disappears in RIPE as well. (Again, if they didn't, it would be a bad thing that you would want them to fix, yes?) And that has got to effect routing policies somewhere. Of course, there are the individual ISP's IRRs and the RADB etc. Which have no authentication/authorization model at all much less one based on the registry allocation of resources. And yet people use them, go figure. --Sandy > If my understanding is correct, the model being discussed here is > dramatically different than the way that IRR's are operated & used today. > > -shane > _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
