[routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Previous message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Elvis Daniel Velea
elvis at velea.eu
Fri Nov 14 17:59:50 CET 2014
Hi Wilfried, finally someone responding to the problem presented. I was about to think that nobody cares anymore. On 14/11/14 16:18, Wilfried Woeber wrote: > Michael Horn wrote: (to anti-abuse-wg at ripe.net) > > [...] > >> will result in significant workload. Holy dingus, is this database a mess... > And not just "this" one. The whole "Routing Registry" stuff is an incredible > mess, and since years, actually. Not really a Numbers Registry failure or a > negligence, but rather a multi-faceted mesh of FUD, History and Trade Secrets > claimed. > > Let me try to collect some facts, at least according to my memory. > Please correct me where I'm wrong... > > - not all 5 RIRs actually do support an IRR functionality. > > - the RPSL doc.set, back in the good old days, had some ideas and provisions > for integrating the 5 (or then, rather 3, iirc) pieces of Numbers Registries > into a single, global, consistent structure. > As Gert put it: it didn't fly. > Since then, we were putting band-aid over patch over whatever to deal with > that. The result is what we have before us, right now. > > - the whole system of creating objects, at least in the RIPE Region, has become > totally inconsistent. For an address block, where the RIPE DB is authoritative, > and an AS number, you need the credentials from both parties to register a route: > or route6: object. > > for out-of-region authoritative entries, the dreaded maintainer was created, in > order to provide the (useless) 2nd auth: token. > > For the RPKI stuff, again, there isn't a requirment for a second authentication > token, iirc not even a *notification* to the AS ref.d, when an RoA is created. > Anyone of you still thinks RPKI is going to be helpful here? > Bah, it's just going to give another false impression of credibility + new vectors > for errors and attacks. > >> -mh > The only way(s) forward I can see are: > > - require manual approval of route: objects for the case of out-of-region registrations sounds like an other patch, one that I would welcome as a temporary solution. > > - get the RPSL flaws fixed, the RFCs updated and then implemented this will probably take years.. > > - integrate the 5 Number Registries into a homogenous, distributed DB with consistent > authentication mechanisms > > - come up with a viable proposal for 1 (one!!) global routing registry that is > authoritative, up-todate and complete, used by all operators (yes, I know, it is > the wrong type of year /w a XMAS) I've been asking myself for years why the RIRs can not, under the NRO, ASO, IANA, (?) umbrellas to come up with a unique registry (resource + routing).. It's not like the communities do not want/need it... Do we need to pass a global policy to ask the RIRs to work together? :-) A single source of information is, at this moment, a dream. > - try to do any or all of the above and do so without RPKI requirements. Please! > > Wilfried. > regards, elvis
- Previous message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]