This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Previous message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Elvis Daniel Velea
elvis at velea.eu
Fri Nov 14 17:59:50 CET 2014
Hi Wilfried, finally someone responding to the problem presented. I was about to think that nobody cares anymore. On 14/11/14 16:18, Wilfried Woeber wrote: > Michael Horn wrote: (to anti-abuse-wg at ripe.net) > > [...] > >> will result in significant workload. Holy dingus, is this database a mess... > And not just "this" one. The whole "Routing Registry" stuff is an incredible > mess, and since years, actually. Not really a Numbers Registry failure or a > negligence, but rather a multi-faceted mesh of FUD, History and Trade Secrets > claimed. > > Let me try to collect some facts, at least according to my memory. > Please correct me where I'm wrong... > > - not all 5 RIRs actually do support an IRR functionality. > > - the RPSL doc.set, back in the good old days, had some ideas and provisions > for integrating the 5 (or then, rather 3, iirc) pieces of Numbers Registries > into a single, global, consistent structure. > As Gert put it: it didn't fly. > Since then, we were putting band-aid over patch over whatever to deal with > that. The result is what we have before us, right now. > > - the whole system of creating objects, at least in the RIPE Region, has become > totally inconsistent. For an address block, where the RIPE DB is authoritative, > and an AS number, you need the credentials from both parties to register a route: > or route6: object. > > for out-of-region authoritative entries, the dreaded maintainer was created, in > order to provide the (useless) 2nd auth: token. > > For the RPKI stuff, again, there isn't a requirment for a second authentication > token, iirc not even a *notification* to the AS ref.d, when an RoA is created. > Anyone of you still thinks RPKI is going to be helpful here? > Bah, it's just going to give another false impression of credibility + new vectors > for errors and attacks. > >> -mh > The only way(s) forward I can see are: > > - require manual approval of route: objects for the case of out-of-region registrations sounds like an other patch, one that I would welcome as a temporary solution. > > - get the RPSL flaws fixed, the RFCs updated and then implemented this will probably take years.. > > - integrate the 5 Number Registries into a homogenous, distributed DB with consistent > authentication mechanisms > > - come up with a viable proposal for 1 (one!!) global routing registry that is > authoritative, up-todate and complete, used by all operators (yes, I know, it is > the wrong type of year /w a XMAS) I've been asking myself for years why the RIRs can not, under the NRO, ASO, IANA, (?) umbrellas to come up with a unique registry (resource + routing).. It's not like the communities do not want/need it... Do we need to pass a global policy to ask the RIRs to work together? :-) A single source of information is, at this moment, a dream. > - try to do any or all of the above and do so without RPKI requirements. Please! > > Wilfried. > regards, elvis
- Previous message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
- Next message (by thread): [routing-wg] Routing Reg. mess [was: Re: [anti-abuse-wg] Fwd: Hijack...]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]