[ppml] Bogons etc...
michel at arneill-py.sacramento.ca.us
Thu Jan 22 17:32:35 EST 2004
> Leo Bicknell wrote:
> No matter what mechanism you use to filter routes or
> packets you're not going to do a dynamic query per
> lookup, you're going to cache. Even a BGP feed is
> a form of caching, since the local box keeps a copy
> of what it receives and checks against that. Be it
> distributed in BGP, DNS, or LDAP, or even SQL
> that's always going to be true.
Ack this. However, DNS caching means secondary zones which causes
numerous problems on a large scale, I have never seen a
distributed/replicated LDAP database that works on a large scale, and a
distributed/replicated SQL database among a large number of
administratively separate participants would be a nightmare to get
going. This is why bogon/filtering outfits are regrouping around BGP on
> I'm sure many people would like to have a reliable
> way to use this data to filter SMTP connections from
> unallocated space, or IRC connections, or modify
> host based firewall rules to drop the raw packets.
> but respectfully I think you're thinking about
> too narrow of a solution.
What's above is what I would call a too narrow solution; all these
things can and already are derived from the BGP feed.
> ARIN is here to serve the community [..] and ARIN
> should enable those people to do what they want
They already do.
> My assertion that people want this service, and will
> use this service is not theoretical.
People _already_ use this service. The existing format was reviewed by
the community, I believe.
> If you want to lead the charge to make sure no bogus
> prefix ever appears on any backbone anywhere, and that
> no packets are ever sourced from a bogus block, by all
> means please do.
That's not the intent, actually. This would require some form of
certificate or other authentication that is not currently available.
Paging Geoff Huston...
> However, until that work is done let us have the
> slightly ugly duckling, but already deployed
> solution propped up a bit, so we at least have a
> fighting chance to stop some abuse in the interim.
Which is my goal as well. Can you remind me about your publicly
available operational work regarding filtering?
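
Added example (not part of the original message, and not code from any bogon feed project): a Python sketch of the local-copy model discussed in the thread, where a box applies announce/withdraw updates from a feed to its own table and checks connection sources against that table instead of querying per lookup. The class and function names, the update tuple format and the prefixes (documentation ranges standing in for unallocated space) are assumptions made for illustration.

```python
import ipaddress


class BogonCache:
    """Local copy of a bogon prefix feed; lookups never leave the box."""

    def __init__(self):
        self._prefixes = set()  # ip_network objects currently announced

    def apply(self, update):
        """Apply one feed update: ('announce' | 'withdraw', 'prefix/len')."""
        action, prefix = update
        net = ipaddress.ip_network(prefix, strict=True)
        if action == "announce":
            self._prefixes.add(net)
        elif action == "withdraw":
            self._prefixes.discard(net)  # unknown prefix: nothing to remove
        else:
            raise ValueError(f"unknown feed action: {action!r}")

    def match(self, address):
        """Return the most specific cached prefix covering address, or None."""
        ip = ipaddress.ip_address(address)
        hits = [n for n in self._prefixes if n.version == ip.version and ip in n]
        return max(hits, key=lambda n: n.prefixlen, default=None)

    def allow_connection(self, source):
        """Listener policy (e.g. SMTP): refuse sources inside a cached bogon."""
        return self.match(source) is None


# Constructed feed (hypothetical format) using documentation ranges
# (RFC 5737 / RFC 3849) in place of unallocated space; not a real bogon list.
FEED = [
    ("announce", "198.51.100.0/24"),
    ("announce", "203.0.113.0/24"),
    ("announce", "203.0.113.128/25"),
    ("announce", "2001:db8::/32"),
    ("withdraw", "198.51.100.0/24"),  # block was allocated: stop filtering it
]


def build_cache(feed=FEED):
    """Replay the feed into a fresh local table, as a receiver would."""
    cache = BogonCache()
    for update in feed:
        cache.apply(update)
    return cache


if __name__ == "__main__":
    cache = build_cache()
    for src in ("203.0.113.200", "198.51.100.7", "2001:db8::25", "192.0.2.1"):
        print(src, "allow" if cache.allow_connection(src) else "drop")
```

The withdraw path matters as much as the announce path: a table that stops receiving updates keeps dropping address space after it has been allocated.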