[anti-abuse-wg] [routing-wg] An arrest in Russia

Ronald F. Guilmette wrote on 03/01/2020 23:50:
> Well, RPKI quite certainly beats the hell out of the nothing that we have
> had in its place for lo these many years now.

having used irrdb prefix filtering in production for many years, I 
respectfully disagree.

> I certainly believe that in the absence of any malfeasance at any of the
> RIR, it -will-  bring order to chaos in te world of routing, when and if
> adoption becomes universal or nearly so.

No, it won't.  RPKI in its current form provides an insulation layer 
which stops certain types of misorigination problems and mitigates 
others, but has almost no impact on the wider question of policy routing.

RPKI also works quite well from the point of view of incremental 
deployment, i.e. it's not necessary to aim for universal or 
near-universal adoption.

Policy routing is difficult.  We tried to fix it years ago with RPSL and 
that failed.  There have been several attempts to look at this since 
then but they've all floundered because it's a fundamentally complex 
problem which involves a lot of different areas including policy 
management, i.e.  codification of human judgement; deployment of this 
policy to networking equipment which doesn't have the hooks to implement 
this at scale; how to accurately model a routing policy right down to 
igp / egp interaction so that you have a balance between enough scope to 
describe routing policy at a per-router, per-peer-address, per prefix 
level, but at the same time not making it so complex that people would 
be scared away from implementing it reasonably; and many other things.

RPKI aims to address some specific problems relating to mis-routing - 
cherry picking, if you will - and to provide a 90% solution for those 
problems.

Nick