Re: [apnic-talk] NICs and Egress filtering?
On Wed, Jan 10, 2001 at 11:45:39AM +1100, Geoff Huston wrote:
> >If an ISP is in fact trusted with updating the routing system I guess we
> >have to believe they are doing it correctly. Who else would know (or
> >care) except the parties directly involved. Then again as it is such a
> >fundamental component of the Internet problems do get fixed relatively
> >quickly.
>
> And this is the bit that worries me a lot - ISPs come in all shapes and
> sizes - what is an ISP from one perspective is a customer from another.
> There is no 'top down' enforcement model that I am aware of that creates
> integrity in the area of route advertisements. This implies that the
> level of trust that one can ascribe to ISPs is inadequate in terms
> of ensuring that routes are 'valid' and 'correct' at all times.
Isn't this just a result of the autonomy of the autonomous system?
All you can do as an operator is work with those you have connectivity
to in order to get as good a view of the entire network as you can.
Trying to exert pressure on an operator three hops away isn't going
to work; there are no commercial arrangements in place to cause them
to spend money supporting you. You can exert pressure on their
customers instead, though by making your problem their problem (my
customers can't see your content; your customers can't see my content).
For some operators, if the view isn't stable enough, the solution is
to route around the problem areas (e.g. by peering promiscuously to
achieve exits closer to traffic sinks).
I'm not sure there is a general answer to "enforcement" beyond "I
run my own network according to my own policies, and I hear that
other people do too".
Joe
* APNIC-TALK: General APNIC Discussion List *
* To unsubscribe: send "unsubscribe" to apnic-talk-request at apnic dot net *