[db-wg] Foreign ROUTE objects in RIPE Database - final decision?
Job Snijders job at instituut.net
Sat Oct 14 18:39:30 CEST 2017
On Wed, Oct 11, 2017 at 03:00:55PM +0100, Sascha Luck [ml] wrote: > On Wed, Oct 11, 2017 at 02:46:54PM +0100, Nick Hilliard via db-wg wrote: > > Job Snijders wrote: > > > I think this touches upon an incredibly important question: how do > > > we distinguish between garbage and properly authenticated "route:" > > > objects covering RIPE-managed space? > > > > and more to the point: are there good reasons and community support > > for continuing not to distinguish between the two. > > Well, distinguishing in the irrdb is one thing, but how would you > distinguish between them in RealLife(tm)? It's not like you can > not route/accept a cross-RIR route: object (at least not without > Breaking The Internet) Some people may make a choice to ignore objects with source RIPE-NONAUTH, or some may let other sources have precedence over RIPE-NONAUTH. I can also imagine improvements to abuse handling systems which now know that they might need to take the route with a grain of salt. We'll see what innovation is possible! > Also, what would the distinguisher be for eg. a route: with > prefix from RIPE and ASN from ARIN? RIPE-PARTIALLY-AUTHENTICATED? Just "source: RIPE" - because it is authenticated following the chain from RIPE to inetnum holder to mnt-by/mnt-routes. That the ASN comes from ARIN (or wherever) is irrelevant, just like with RPKI. Kind regards, Job
[ db-wg Archives ]