Re: [apnic-talk] Private ASN Route Objects
In message <YP+dvqBqnyxQjV6V@tomh-laptop>,
Tom Harrison <tomh@apnic.net> wrote:
>> You are talking about how to deal with this *general* problem over
>> the LONG TERM. Although I am pleased to see APNIC taking such an
>> interest in solving the "whole" problem over the long term, this is
>> clearly of much greater interest to you APNIC staff folks than it is
>> to me.
>
>If we delete these objects without updating our system to prevent the
>creation of futher objects like them, then we could end up in this
>same situation again from time to time.
Yea. So?
There are two problems and they are entirely orthogonal to one another:
(1) Getting rid of the bogon route objects that already exist in the DB
(2) Making sure that no such objects enter the DB in the future
You can solve (1) without solving (2) You can solve (2) without solving (1).
These are two separate problems.
I am probably not able to adequately explain the concept of "orthogonality"
in a short email, but I will try, by way of a simple analogy.
Imagine a bicycle with a bent wheel. That is an immediate problem and it
can and should be fixed regardless of other long-term "would be good to
have" things.
In effect, you are saying that you won't fix a bent bicycle wheel, even
though it is an immediate and evident problem, until you can ALSO acquire
a bicycle pump, which you should have in case you ever get a flat tire.
Sure, you can make the case that the two problems are, in some sense
"related" since they both have to do with the proper operation of the
wheels, but strictly speaking, you do not NEED to have a bicycle pump
before you fix the immediate problem of the bent wheel.
>It could also lead to user
>confusion, if we were to contact them about changes they've validly
>made via interfaces we've provided to them. We are interested in
>avoiding these issues, so it makes sense to us to address both the
>existing objects and the underlying mechanism at the same time.
See above. You can fix the immediate problem and THEN you can take as
many weeks or as many months as you like, at your leasure, to fix
the -other- problem. In the meantime, problem (1) will be fixed and
the bicycle can be ridden.
>We appreciate your concern here, but we are cautious about assuming
>that we know every possible reason why an account holder might have
>created a given route object.
Caution is good. Utter inaction for weeks on end due to excessive paranoia
is something different, and is normally something that suggests the need
for professional medical intervention.
In another message here I pointed out that 100% of remaining APNIC bogon
route objects refer to IP space that is provably either (a) 100% unrouted
at the present time or else (b) routed by some other and properly assigned
non-bogon ASN. Thus, removing those bogon route objects will provably have
no operational effect on anyone.... a fact that you yourselves could easily
have verified for yourselves four weeks ago.
And in any case, you guys have had four weeks now to contact the authors
of those bogon route objects and to ask them if they needed those, or if
they could be deleted. Did you do that? If not, why not? If you did,
then what did they all say?
>In these instances, we are contacting
>the relevant address holders to confirm that they don't have any issue
>with the objects being deleted. Sometimes the address holder does not
>reply immediately, which is why resolving these issues might take
>longer than anticipated.
It's been four weeks! Was it your plan to wait for responses from these
people... some of whom may be dead from Covid by now... for another four
weeks? Another four months? Another four years?
AFRINIC has already cleaned out 100% of the bogon route objects that I
reported to them. RIPE and ARIN are well on their way to doing likewise.
How much longer will it be until APNIC follows suit?
Regards,
rfg