On 2013-03-18 10:47, Stephen Kent wrote:
There are at least two issues here: how quickly a new/changed ROA is
published after it is created/modified, and how quickly one should
expect all RPs to have acquired this info. The RPKI propagation model
for ROAs was based on the observation that, typically, the binding
between an address space holder and the AS originating routes to that
space changed very infrequently, and not very fast. Conversations with
RIR staff supported this notion, based on IRR DB experience. So,
suggesting that this data needs to be propagated in minutes, vs. 1/2 a
day, is quite a change.

No, it's not.

The system converges at the speed of routing today; if I have to wait
12 hours to mitigate an attack for someone then that could be a problem.
If the RIRs actually conducted any qualitative study to this effect
I'd appreciate a reference - I've seen none. However, I can say for
certain that there are many companies that need "minutes" of
convergence, just like they have today, else they won't be able to
perform things like DDoS mitigation for hours or longer, and that's not
acceptable to many current operations. We have a business that utilizes
this today.

We've already had this discussion here.

-danny
_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr