routing-wg
 Note: Please be advised that this an edited version of the real-time  captioning that was used during the RIPE 56 Meeting. In some cases it  may be incomplete or inaccurate due to inaudible passages or  transcription errors. It is posted as an aid to understanding the  proceedings at the session, but it should not be treated as an  authoritative record.  
  RIPE 56 Routing Working Group 9:00am, Friday, 9 May 2008 
 MACIEK WOJCIECHOWSKI: Point up to the size of the Internet today and  even more. Another approach we took is start with a very simple  solution. BGP is quite complex. We don't need all of it or what we  actually need or start what we think we should need and I think that for  this experiment we need that kind of thing so we just add them. So we  have to create our simulator in a very, many black boxes that we can  exchange and the thing we will have to do with this kind of simulator is  calibrate, I will talk about it a bit later. I will show you the odd  models, we don't [unclear] we model it. That means first of all, we  simplifying everything we can, no physical network modelling. We treat,  that is big thing, treat every AS as one node for now so we don't get  into connection of the AS in [unclear] we are interested in the inter AS  message exchanges and this part of the protocol. Then we model standard  BGP announcements withdrawal messages. We have of course modelled FIB,  their policies, this is kind of what BGP, what BGP really is. You  receive a messages you update FIB back into policies and propagate your  neighbours. We do have specific BGP tables so every quasi-router knows  all the prefixes. This is quite a lot because we have 27,000 ASes, each  all prefixes for 250,000 prefixes, it's a lot and very important for the  experiments part of this [unclear] there has to be a lot of freedom for  particular node behaviour, there has to be possibility to change  behaviour of every node in a way that would be need sod seal the black  box approach. Different from policies and build every node out of the  boxes. And this calibration I mentioned is that when you are emulating,  simulation it's kind of get out of hand. We don't have 100 percent  control of what is in fact getting similar laid so we have to calibrate  it so that it really resembles the BGP behaviour we observe in the real  world. To do that, we need some real world data. There are some  scenarios that are known that BGP behaves this and that this and our  task right now is to make our simulator behave in the same way. There is  for example, there are risk updates known so the updates are exchanged  between the serves. If we know the root causes or who is responsible for  update that is coming we could run our simulator on those root causes  and see and see whether, for example, the average path is the same  because the average path won't be the same if the we don't know the  policies that are happening, that ASes are using. Still we have network  that might be enough. We are not full ourselves, we know our calibration  won't give us the same level. Even driven simulator is actually better,  some of them they don't scale and we want it to scale. This is price we  have to pay for the scaling.  
 And few things about our software. What we have is Java based simulator.  It's running on homogenous cluster. Running on 80 compute nodes with  four course each for 27,000 ASes, they just run in normally, it's Java  scheduling the ASs, not some magic not as in give us something like 350  per computer node and it works pretty well actually. We what they  provide is list of ASes with relations between them. This is simply  provider customer and [unclear] can relations and we store prefixes on  hard drive, too many even with 80 machines for Gig each, there is too  much data to store it in memory. Store hard drives and do our best not  allow to interfere with our simulator and we are propagating the  prefixes from the BGP table so it is something like for each AS we take  one point, we have kind of real New York and propagating to simulate the  current Internet. And just few numbers, how good it works. It's 500  milliseconds to fully propagate the prefix that was not known, that was  not known before. So just one AS announce as new prefix and takes 500  milliseconds to propagation fully stops. If we run it just let them go  as far as we can without any timers. If you propagate BGP announces with  one prefix in only one prefix in each announce, the simulator can  digest something like 2000 messages per minute and put more prefixes in a  BGP announced message up to 15,000 prefixes per minute. So to get from  scratch, to the time that everybody knows the whole table for 250,000 it  takes something like 17-18 minutes and it's reasonable well they have  that time. The and the other way you can store the current state of the  simulator, everybody every node will store the FIB and [unclear], 100  Gig bites for all of the nodes. So it's actually easier to simulate it  from scratch than allow this 100 big bite data. What we would like to do  is write some kind of easily extendable scenario framework so you can  write most probably nice XML file, you would like to put those measure  those things, which events are triggered by which event and what you  like to measure, something like how many benefits I have received, what  is the average path convergence time and so on and more important thing  actually, is to try to gather as much reload data as possible. This is  what would you like from you we would like to show this is a valid BGP  plod he will and approach is [unclear] and everybody that would like to  use it in the future, that it actually simulates BGP and not just  writing something. Like to you collaborate with us. If you have any kind  of data that is, if you have route causes for some kind of computated  root causes for updates that are seen by RIS routers, they would be  perfect. If you have signed of scenario that BGP behaves in this way. We  know some things but maybe you know [unclear] have a thing which you  help us ideas what can be simulated with this kind of approach. Looking  at the BGP at global perspective. We are look mostly at, every time we  have to look at numbers and averages, not of AS path itself because they  won't match but many characteristics will so you can simulate very much  [unclear] like the you can really see how the effects the amount of  message that are sent. [unclear] helps because I am personally not so  much and this is the kind of thing you can do. Put a timer and see how  it effects the number of messages. And just grab me here, ask a  question, grab me during the lunch or send us an email. Be part of it.  Are there any questions?  
 CHAIR: No questions. OK. Well, thanks for presentation and I encourage  you to send updates on project to the routing mailing list as you make  progress on it. And like thank you very much.  
 (Applause) 
 Next is Eric.  
 ERIC ROMIJN: Hello good morning, my name is Eric. I work for the RIPE  NCC I am a software engineer there in information services department. I  am going to talk about the routing information service and a new  service from our department which is IS alarms. I will start with a  short introduction and update on what we have been doing and then get  into IS alarms.  
 So, what is RIS? It's routing information service and it's often  summarised as a looking glass with history. We collect data from now 620  peers around the world on 15 different collectors. We peer from our own  AS and everything we get from them we store in a large database. Then,  there is a set of query tools on our website where you can query all  this data. We keep all the raw data in a binary format for which we  provide to and library to read it, we don't disregard it we have  everything started 1999. We generate a number of statistic reports based  on our data and we have a notification system called MyASN which is  someone can announce you when someone announce your prefix. We have 15  collectors, mostly in Europe now. There is a new one in Miami hosted by  Terremark, thank you for that. And TERRE and connectors to map of the  Americas Internet exchange.  
 So what we have been doing: Since last meeting, we have been focusing on  performance and architecture improvements. A lot of stuff in RIS has  been built when it was still a lot smaller. So, it runs on a bit, the  hardware is nearing end of life cycle, the database designed can be  improved, we want to build a better internal API and have faster  resilience against failures. So, current progress is we do actually run  RIS on new database service now. We don't have any very careful  benchmarks yet but we estimate this to be 20, 30 times faster than the  old system, depending on the queries. Also, we have a new database  design, which will be a lot more efficient and, therefore, also will  improve the speed. And work is being done on a new API, which will  handle all traffic to RIS.  
 So, MyASN is the alarm system in RIS. It will notify you if someone  would announce your prefix. If you have an account and set up the  filters correctly, or if someone else gives an expected trend set to  your prefix or to a prefix of your customer. If it sees such a thing it  will notify by sys lock log or email. So some idea of the sites, we have  1285 registered users. Together they have configured more than 2000  alarms, of which almost 1,000 have been triggered at least once. If we  look at the growth in MyASN accounts since 2004, we add about 20 MyASN  accounts every month. Anyone who has an AS can register an account, you  don't like to be an LIR, it doesn't have to be RIPE region. So you can  see a small jump in January, that is when the YouTube incident occurred  and people thought that it might be a smart idea to monitor Thor these  kind of things, which MyASN would catch. RIS is we have more services.  TTM does it when it sees strange delays, DNSMON might have it in the  future. And of course, the systems are now all separate which makes them  harder to maintain, so we have built a new system called IS alarms  which connects everything we have of data feeds together, where you can  configure filters and then use a number of outward plugins. This means  instead of having multiple different interfaces, we now have a single  interface where you can see all your alarms that are configured with the  system, switch them on and off, see how they have been triggered. We  also plan to have very flexible filtering for this where you can  [unclear] actually say I want the well, you can stack filters together  with different requirements. Currently, we have email and syslog running  there. SMS might be an option in the future but we don't know for sure  yet but it's really easy now to just add an output system.  
 This new system will completely replace MyASN so at some point in the  future, we will stop MyASN. We will probably migrate all existing alarms  to the new system, but it's as long as it's not production grade  [unclear] we will keeping MyASN running as is. Anyone who has an  existing MyASN account can log in and try it. The core focus points of  we provide a clear interface, all compared to MyASN it supports IPv6,  MyASN does not. It's built to have a shorter delay between the event  occurring and the alarm being sent out. And will be providing more  output options.  
 So, a description of how it actually runs. This is my standard ASN  account, it's not my real pass order, I can log in. This works for all  existing MyASN accounts and I can start adding my alarm and I want to  monitor it from MyASN, monitor my or [unclear] and sent email and syslog  if it goes wrong, you can select any combination and I can enter a nice  description, and then I can say as well, this is my prefix, it has to  originate from this A [unclear] number F it does not you sent a  notification to syslog and you mail me. If you have a number of alarms  set up, I have a few running now, you have this overview of all the  alarms you have, when you change them what kind of outwards they use and  whether they are active. You can see this my RIPE meeting alarm, which  is currently active and sending email and syslog. You can also click  them and then you will be able to edit them. And if it actually detects  such a condition it will send a mail like this where it says, originate  from AS 3.7, RIPE if it's wrong they send me a mail. So, where we are  looking for now, for the future, is to probably implement SMS  notifications, IM is also a nice option. Also, we plan to add more input  so currently it's just RIS, but TTM will be integrated in that and then  we can also start looking into combined RIS and TTM filters where you  can say if RIS has this and TTM has this then it's an alarm condition.  Also, of course, it's currently in beta so we will probably one into a  box we will have to fix.  
 So the beta is online now and you can see it there. So if you have MyASN  account already, you can log in; if not, you can request for MyASN  account and it will useable for that as well.  
 So there was my short talk. If you have any ideas for how we can improve  this or if you find other things, mail us and we will look into it.  
 CHAIR: Thank you, Eric. Are there any questions for Eric at this point. I  am happy you are looking at this SMS one of the problems, if someone  hijacks your prefix it's quite unlikely that you will be unable to send  me mail so unless you have an... 
 ERIC ROMIJN: That is the thing.  
 CHAIR: The alarm will trigger.  
 ERIC ROMIJN: It's one of the things I want to look at, how many people  who have ASN, how many could we mail if it was hijacked. I don't know  how much this effects. SMS would fix this problem and out of band system  would.  
 CHAIR: I don't know if you can use the route collectors themselves top send outgoing messages.  
 ERIC ROMIJN: Not really.  
 CHAIR: Thank you thank you.  
 (Applause) 
 CHAIR: Next up is we have time to [unclear] proposal that was presented  by Kurtis earlier in the week. We have been operating under this model  where potentially policy proposal discussing the Working Group. I don't  know if this is an optimal model but anyway.  
 KURTIS LINDQVIST: There are no slides for this as I did the presentation  and I guess this slot was more given for discussion and thoughts on how  to move forward on this. I am going to assume you all know what I am  talking about, if not you have to go back to the video from Monday. So I  don't know how to what we want to move forward with this, one thing  take some more of the implementation specific discussions over to the  Database Working Group. If this decides this is a good idea to go  forward, and we can also sort of split this up, take it to the NCC and  ask them to implement this.  
 CHAIR: I want to you repeat everything you said on Monday, if you could say the exact content of the proposals.  
 KURTIS LINDQVIST: The idea was basically, that based on the data, the RP  take and build a new IRR registry, a repository that could providers  could pull the data from and have as priority, if you had a route you  would know it was more trustworthy because it came from this idea,  basically. That was just another publishing point for the IRR.  
 CHAIR: OK. Do people generally understand what this is about? Like creating a new IRR?  
 KURTIS LINDQVIST: It's really hard  
 CHAIR: Similar to the one that RIPE already support but starting from a  clean slate without all the contamination the current one seems to have  and making sure the objects are this time around more strongly to get  you through the R P T I mechanisms. There. One point the RIPE NCC would  make a tool available so people could build this data by themselves. And  it's really good  
 AUDIENCE: I am I am to blame for not having the advertisement slide wear  which times is bad, really. Well OK, if really the idea of, well, okay  what this is and what benefits come out of it are not really that clear,  I will try to throw in a couple of key words. The RPKI stuff is  something that actually has been done in initially targeting long-term  goals in doing secure routing protocols, and it is obviously something  very important and desirable, but the benefits of this will take several  years until we get them. The RIRs have taken action in actually  creating RPKI as new data structures with security, and some emphasis in  this work has been more on securing the allocation data, which, of  course, is the RIR's job and which is, of course, also extremely  important, and in particular, in the times of address space becoming  scarce. So, what I did was looking at this and thinking about, well, OK,  what security practices in routing are there out in the field at the  moment. It's not really much, and, well, OK, I think the current  thinking is that it is not that much in particular because there is so  little trustworthy data around. Actually, in the RIPE region, there is  actually a relative good situation regarding good data, but, well, OK,  there are other parts on the globe and some of us are operating there,  as well, and, well, OK, the poor other guys, well OK, obviously also  have a problems and well look at it, Pakistan Telecom and YouTube are  not RIPE are not using RIPE resources. So,, well, OK, the thing that we  have out there are the old IRR databases using RPSL and there are  various people have various tools built for using RPSL databases and now  I took a look at, well, OK, what do we get in relevant data in the RPKI  for routing security and what do we have in RPSL IRR databases and the  tools that everyone is using who is doing something. And it turns out  RPKI has quite precisely one part of a data which is called ROAS, the  route origin organisations that actually contains relevant information;  all the other stuff is not truly routing relevant. And looking at taking  this and looking at the RPSL side of things, it turns out we have  something in RPSL that very, very precisely matches the row I can't say  and that is the route objects in the RIR databases. So the idea of  creating mapping the RPKI ROAS that are supposed to be very secure, very  trustworthy and create an RPSL representation office and have the tools  that are around and being used, access this data, obviously makes the  RPKI data immediately useful. Now comes the question, well OK, do we  have the means so that we can actually distribute and distribute via  RPKI data that is mapped into RPSL and do we have means so that when our  tools access RPSL data, we can actually differentiate and say, well,  OK, in this particular context when I am asking for data, I want to have  the trustworthy data opposed to situations where I say, well, OK,  unfortunately, as has been in the past for certain things, I don't have  the really high quality data and I do different selection and the means  for doing this is there in RPSL, in RPSL all objects are tacked with  source attributes which say from which database the object comes, and if  we now do the RPKI to RPSL mapping and tag all the mapped objects with a  distinct source, our tools allow us to when we want to have when we  want to use specifically the trustworthy data, we can just say, well,  OK, just use or prefer the data that comes with the RPKI map source tag.  And overall, we can use all the existing tools with the good new data,  and well, OK, there may be some interesting tasks to optimise the  existing databases and tools for the particular use, but conceptually  and at least for starters, to get going, we really can take the existing  tools databases without no change at all, and immediately take the  advantage of having certified data and, by the way, it's not only a  question of being able to as a consumer of the data, as a reader of the  databases, it's not only important that, as a consumer of this data, I  can pull the trustworthy data; in my opinion, it is all it is at least  as important for me that I can tell all the parties I am interacting  with that, well, OK, if you had problems in the past to find some place  where everybody expects your trustworthy data, with RPKI I can point  anybody, whether the customer sits in Nepal or in Detroit or somewhere  in Latin America, I can point them and say, well, OK if the RPKI is the  thing whether you can trust your data is handled right, and everybody  will pick it up there.  
 CHAIR: Thanks.  
 AUDIENCE: Wilfried, Database Working Group Chair. First of all, I like  the idea, let me start with that one, because it just has the potential  to get a little bit of the problem space sorted out eventually, maybe.  The thing that makes me stand just behind a microphone here is the  curiosity about the choice of word "separate IRR" [unclear] just would  like to find out what this actually is meant to be. Is it to be just a  separate database with a separate [unclear] or is it meant to be just  something which is contained in the existing infrastructure, but with  other attributes and with a mechanism to maybe filter between those  having these sort of security attachments versus those which don't.  
 AUDIENCE: We are not intending to do any change to the objects. Don't  hit me later when and I am keeping this out of this meeting when we take  a look at certain optimisation things, but well, OK, there will be no  additional attributes and conceptually, the data will be exactly the  same and the point is, well OK, it doesn't matter whether the original  database goes on to a server with a different domain name; the thing is,  it will go to into the collection of the IRR and the trustworthy data  will be tacked by its distinguished source tag, and the source tagged is  the way to well, OK, select and, well OK, if you are a really security  geek, of course you will not trust the RIPE NCC that they truly do the  verification of a trustworthy data right; you always want to do it  yourself, and well OK, of course you are free to do that, but, well OK,  my guess is that it's very good service for the community for having the  central service providers, like RIPE NCC, to provide the data and allow  parties that are trusting the NCC anyway for many things, to take this.   
 AUDIENCE: George Michaelson from APNIC. Speaking purely in a personal  capacity because I have no role in policy, I see I was very pleased that  you spoke about this having really limited lifetime and limited scope,  because there is a fundamental issue with models based around where you  get data from, which is different from can you check the data innately  as a thing in itself and you have gone directly to that in your last  comment, so with that strong caveat about the inherent weakness of  trusting where you fetch from and remember the data is copied routinely  and people often use indirect sources of data and there are inherent  problems in saying because it says source RIPE it must be good; I have  no particular problem with the decision to say we should do this and  there is a policy proposal in the APNIC region and if it receives  sufficient support to become operational we would have no innate  difficulty in running that service but I do think it's important to say,  it is inherently weak to assume unverifiable data is trustable of where  you get it and I believe that the work the RIPE is considering to  develop extensions, to provided embedded signature support is orthogonal  to this proposal, it is not harmful and is something that is good and  should be done. That is all I wanted to say.  
 AUDIENCE: I wanted to answer translate a little bit into more simple  language the answer to Wilfred. The answer is, extended route objects  with a distancing source attribute in some database, and, and then maybe  some extensions late every but at the moment it's standard route  attributes, different source attributes and RIPE database and, actually,  we are already working to get the stuff into the prototype so it's not  like something very difficult. I was a little bit surprised to see this  as a policy PDP proposal. No criticism, but it looks like a little bit  heavy weight mechanism for something that has already been done.  
 CHAIR: So it is already being done.  
 AUDIENCE: Well, we discussed this. I put it into the process for the  prototype. I am not sure where it is in the planning of the prototype. I  am not that deeply involved, but they told me that the people who were  doing the prototype say they can do it very easily. So it's not like we  are going to do it if this room says no we shouldn't do it, but the  wheels are already in motion.  
 KURTIS LINDQVIST: I can come back to that.  
 AUDIENCE: Andrei, RIPE NCC. I think there are a lot of implementation  details, maybe not a lot but the RIPE NCC have to look into this. The  substance of the proposal is very simple and I think the beauty of the  proposal changes nothing or basically nothing, so it's a really low  hanging fruit, I think we support this proposal. However, just one  comment, and falling on George Michaelson's comment is that there are  the components in the routing registry, right, apart from just route  objects, and perhaps not now, of course, but maybe later, we should  think about the general concept of routing security and how we can  improve this using RPKI. There is already some thinking going on with  regards to how we can improve authorisation schemes and how we can  improve the quality of the data by maybe even signing the data in the  routing registry to make it more reliable. Thank you.  
 CHAIR: OK. Well  
 AUDIENCE: Just once again. I also wanted to add a little comment about  Rudiger's statement that there are lots of routing registries using  RPSL. Thinking about the presentation yesterday and something you may  see later today in the morning, it seems to be not the default case to  have RPSL representation in various routing registries as they are  implemented. Not all of them or not the majority of them or about half  of them seem to be using RPSL as the language to represent stuff and  that is the reason why I am bringing this up again here because I think  if we start to improve that or try to improve that and if you want to  add another set of goodies it might just as well be that is not true. 
 AUDIENCE: We keep it simple.  
 AUDIENCE: You can definitely but if there is a chance to improve the  global system I would at least try to find out whether wave chance to do  so.  
 CHAIR: This is why I asked yesterday to be a bit more specific instead  of saying certain things and a few of those and some of that, the other  ones, because it's good to have complete data.  
 I don't think it's entirely relevant to the discussion right now, let's finish this one before you get.  
 AUDIENCE: I actually have something on this very particular subject and I  agree with Daniel in this case that the wheels are in motion on the  simple low hanging fruit implementation but when we refer to  specifically the proposal, it actually, if you look carefully, has five  [unclear] in it going all the way down to individual ISPs or internet  exchanges should be able to run the same software that we do on their  side independently and so on and then we go far beyond low hanging  fruit. What we are very interested in doing and supporting is this low  hanging fruit and as we said that is in motion but that is just a subset  of this very big proposal, keep that in mind, it's not all low hanging  fruit that is discussed.  
 CHAIR: I would like to give a chance to anyone in the room that hasn't  spoken yet to voice their opinion should it be contrary to it. So far,  all the opinions have been in favour. Absent that, I would then suggest  that perhaps along the lines what have Daniel suggested, we change this  from a policy proposal to just a regular Working Group action item on  the NCC. Since work seems to be already started.  
 KURTIS LINDQVIST: Because it was submit as a policy proposal to the  other RIRs and it was just the same text. There wasn't a particular  reason why it was PDP.  
 CHAIR: Would the proposals be OK with putting this as normal Working  Group action item on the NCC to be worked on. Basically, to specify what  those low hanging fruit are, what are the things that are being tackled  first and provide us with an estimate of when that first part would be  done. And then, following that, provide an assessment of what work would  need to be done afterwards, and if you could get some sort of report in  between now and the next RIPE meeting, that would be excellent.  
 KURTIS LINDQVIST: Or even running code  
 CHAIR: Yes. So that the hard work could be assessed and discussed during the next.  
 AUDIENCE: I would love to have had that input yesterday as input from other working groups.  
 CHAIR: OK. Noted. Thank you. We have a couple of small items.  
 SPEAKER: Or while I argue with the laptop very quickly, if you have any  other small things you wanted to do first, by all means go ahead.  
 CHAIR: We were approached by from Japan by wanting to report on the  status of ASN 32 implementations in different router implementation. I  think he has now sent a mail to the listing list in lieu of actually  coming up and presenting. Just have a look. So now you are the last one.   
 SPEAKER: It's a good thing I got the slides up and running then. We did a  presentation yesterday, the Database Working Group about the status of  mirroring other routing registries and since the key word routing is in  here, we thought it might be a good idea to bring this to the routing  policy Working Group to get your feedback. We would like your feedback  on this. And this begins with a small problem statement. Currently, we  mirror several routing registry databases. If you look at the little  grey box on the left top RRDB. Imagine it's another routing registry.  From there on, we get a stream of their data. Not all data,  unfortunately is exported and there is no protocol for it. In many  cases, it is definitely not RPSL and there is actually no one that  implements the full RPSL RCP exclusively. All different and different to  ours. When output changes, obviously our conversion breaks, there is no  protocol and at this point, our Whois update is not being updated.  Basically meaning we are going out of sync. When we do get the data, we  change it to RIPE RPSL format. Very strict RPSL and we adhere to this  strict meaning if there are attributes in the originating source that we  don't understand we will not import them. They will be dropped F they  are in a format that we don't understand they will be dropped and so on.  After this they go into the RIPE database and allows to you query is  with dash A and S flags we already know by the time they go into the  RIPE database we do not have a complete view of this, this is simply a  fact of life. Now, if an individual users query it, may not be so bad.  Maybe they are looking for some statistics, some general ideas or they  will just continue on looking if it doesn't look right. However, ISPs  and internet exchanges also use this for operational purposes. They will  build their routing policy based on what the RIPE database says and not  only for the source of RIPE, they will also do it for some of the  mirrored databases by us, effectively treating us as authoritative for  data sources we are not authoritative for and that we know full we will  we are not complete on, either. Regularly, unfortunately, tickets reach  us from users, from internet exchanges, and asking, what is going on? It  appears that my IP space is not visible in the UK, from one ISP or  another. There was an old route which we mirrored and imported and that  there was an updated route which, for some reason, we could not mirror  and import. The UK IPS or internet exchange still sees the old route in  our database, treats it as authoritative and routes the traffic  somewhere it shouldn't go any more. And basically blackholing the entire  traffic. This is the operational issues that come from this. So we  actually being treated authoritative for data that we weren't  authoritative for. On top that have we actually only mirror 7 out of the  40 routing registries so if you wanted to go for the convenience sake  go to the RIPE database and say show me a good enough we can't we have  one out of six, if you will. Looking at the type of queries that are  being done, you can actually see that on the lefthand side, the orange  and red chunks of the pie chart are wrong use of this extension, the s  flag allows to you query for a very specific source, which is not us.  Most of them are still using source that is we no longer mirror. So they  get errors back anyway. And there is people that use s RIPE querying  the RIPE database so there is no point in using s. For the a usage there  is queries that are only ever going to return anything that is in the  RIPE database. Maintainers, organisations, these type of things. Leaving  12 percent people who do use it and S doing sensible queries and that  is about .4 percent of all queries we get. If you look on the right-hand  side you will see the green and blue chunks are IP and AS that is what  we are mostly being queried for. It's not personal data, it's not  maintainership or anything like that. We get 7 percent domain queries,  those are only in the RIPE database so we can disregard those from the  pie chart and there is the interesting five percent which is the reason I  am standing on this stage. Five percent are route queries. We would  like to know from the audience that probably knows most about this, is  this you doing queries to us to build your routing policy. And were you  aware of the shortcomings of the mirroring of other databases? If you  were and you are still doing it do you think it's good enough. If you  weren't aware and you are doing it, does this scare you?  
 So, the way that we see forward, we thank we could possibly do, things  to make things better, keep going as it is. We know it's incomplete,  it's error-prone, it can be misleading at times, we know we have a  limited view and we do get some operational issues from it but there  might be value and we would like to hear from you what this value is. We  could be authoritative and only be authoritative on the things that we  know we are authoritative on, which is only responding to queries for  the RIPE database. We know those are correct. Which would mean we would  deprecate the a and the s flags allowing you to query further sources  because we wouldn't mirror them or we can meet in the middle and say,  well we will do a referral [unclear] won't mirror the database but we  would know where could you go get the authoritative answer. We could do  this as a proxy service or as a web service in front of the database but  this would mean that would you get the replies in the format of the  remote registry rather as in RIPE RPSL, because let's face it, they are  in a different format for a region. You are asking to make oranges into  apples and that doesn't always work, this is the way that LACNIC  operates their joint Whois service as well. So our questions to you and  anybody willing to go to the microphone and say something about that. Do  you use the [unclear] or other operational decisions.  
 AUDIENCE: Yes.  
 SPEAKER: Did do you so being aware of these [unclear]?  
 AUDIENCE: No, nobody was telling us.  
 SPEAKER: Would you still be wanting to do this knowing these limitation  
 AUDIENCE: Knowing the limitation and keeping in mind that if I have  queries that I want to resolve against completely non-RIPE Database, I  would prefer and I usually do run the query against the appropriate  database.  
 SPEAKER: That is very prudent of you.  
 AUDIENCE: If that database is accessible and works well and doesn't  create problems, which happens with certain ones, but more and actually,  and actually for example, for some time we were using the RIPE database  to query for APNIC data because APNIC serve actually was creating some  syntax error which was breaking our tools. So, actually, having so  actually having the RIPE server sit not guilty front and filtering away  some irregularities, is of value. The other use for asking different  databases on the RIPE database is, sometimes, sometimes we actually need  to run a database resolution against multiple databases, because the  references in the distributed IRR are crossing the registry boundaries  and, well OK, for that, you need a database server that actually is  doing mirroring.  
 SPEAKER: Wouldn't you need a database server that is able to give you the answer?  
 AUDIENCE: Yes, you are right, but, well OK, the current way this is  done, usually, is by mirroring and I was generalising, which was an  error but again, having the database front end that I am querying  actually normalising the objects that are returned is definitely a value  because, well OK, yes, there are irregularities and, well OK, keeping  all the tools in sync with all the irregularities that are around, of  course, is much more work and harder to maintain than to rely on a  central point of service that actually normalises in the first place  and, yes, well OK, information about that the normalization actually  removes data. , of course would be valuable and knowing this, the  decision about using a certain database for certain queries might be  changed.  
 SPEAKER: From what I understand, you are saying we would want to query  multiple databases somehow, anyway, and it is very convenient if  somebody else can do the conversion for us.  
 AUDIENCE: Exactly.  
 SPEAKER: I appreciate that, that is also exactly the problem statement I  am presenting to you, this is what is failing. We have tried very hard  to make it not fail but it's making apples into oranges. We can do a  best effort and we have been doing on this, but unfortunately, our best  effort, because it is being treated as authoritative and correct, is  leading to operational issues. So are you sure this is what we want to  do?  
 AUDIENCE: Well, again, the cost again the cost for every one operator to  maintain his tools for the idiosyncrasies the broken server of the day,  does not look like something that is helping to keep tools in place and  working. My experience in using the service is that, well OK, I never I  don't remember any error report getting back to me knowing that I may  be missing some information is an incentive for me actually to create a  little bit more of explicit feedback loop with my customers and I would  feel perfectly comfortable if I sent my customer regularly a report that  says, well OK, you have your you have the relevant data spread across  strange servers; I am trying I am trying to make best sense out of it  with the help of the RIPE NCC and here is the query that I am sending to  represent your requirements and here is the today's result for this and  if you find anything missing there, please investigate. Again, the  point is, well, OK, the information that well OK, there may be white  spots has to be transmitted. If that is transmitted correctly, things  are not really that bad.  
 SPEAKER: Understood. Is there anybody but Rudiger who is having so much  faith in us that they built their routing policies based on the answers  of mirrors. Could I see a show of hands? 
 AUDIENCE: We trust you you.  
 SPEAKER: Of course you trust us, especially if they are using this, like to add to this.  
 CHAIR: I have a bit of procedural thing and repeating on what I said  yesterday. The way this was presented has come across at least to me a  bit too much of hand waving with lacking on details. Upon hearing this I  am surprised to hear having issues with people like. The RDB have run  service called IRD which is developed against I I would like to know, if  it is the case, that they have the for RPSL or perhaps the RIPE  database if, this is true and what are the details and if there was a  good reason and one or the other should implement the changes have that  be added because RPSL  
 SPEAKER: Answer in one sentence.  
 CHAIR: APNIC runs the RIPE Database software, with some local  modifications. I would be very surprised if there are such modifications  that they are not reconcilable. So again provide some data. That is the  main thing here.  
 SPEAKER: I have answers to both of your questions if you are interested.  The first one is short no one implements the first RSPL spec [unclear]  make us change twice a year at least and as for the numbers I have them,  I am happy to discuss them over coffee with you and also mailing list  
 CHAIR: The mailing list would be far better than over coffee.  
 Just to close this down. Sorry for keeping you so late, the discussions  will have been interesting to all of you or at least most of you. So  let's just go to the does anyone have anything to that they would like  to add at this point or just everyone desperate for coffee. I was  talking to Rob Blokzijl, we have decided to postpone the beginning of  the next slot, which is the last plenary slot, to a quarter past 11 so  you have a chance to stock up on coffee and probably grab a bite in case  the plenary slot runs a little bit late into; you will at least have  something to digest. Thank you for coming and see you in Dubai.  
 (Coffee break).