nanog mailing list archives
Re: Bogon filtering
From: Michael.Dillon () radianz com
Date: Fri, 3 Dec 2004 11:51:57 +0000
There is one thing, though, which is somewhat a problem with these setups: one has to trust the source of the filters; they are technically controlling your network, who you talk to and who not. And this little technical issue can be a huge political issue.
This change control issue is an important one because, as we have seen with many other technical great ideas, operations folks cannot just go ahead and implement every great idea. There are management people to convince that this great idea will not disrupt the operation of the network, either directly or indirectly through unwarranted cost increases.

In my opinion, these types of feeds should not be made available in BGP format, because, as you say, this puts the external party in control of your routing policy. I think that these feeds should be considered "advisory information" and made available in a format that can easily be integrated into a change control system where humans can check and validate the data. I really do think that LDAP would be the ideal protocol for doing this.

As for oversight of Cymru's bogon list and trust issues... well, this is what the RIR system was developed for. We don't technically need RIRs to allocate IP addresses. But we do need them to provide oversight and trust of the whole IP allocation process. At this point, most people have no idea who Cymru is other than Rob Thomas, and while he appears to be a very clued and trustworthy individual, he is operating a service that does not have community oversight in the same way as the RIRs. In a sense, Rob is a hacker who has installed his rootkit into the IANA/RIR system. He was only able to do so because the IANA and RIRs were not paying enough attention to their interfaces, thus creating a grey area which Cymru is filling.

--Michael Dillon
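One way to handle a bogon feed as advisory data inside change control, as the message above argues (an added example, not part of the original post or of any feed operator's tooling). The one-CIDR-per-line input format, the function names, and every prefix below are constructed assumptions.

```python
import ipaddress

def parse_prefixes(text):
    """Parse one CIDR prefix per line; '#' starts a comment.
    strict=True rejects malformed entries (host bits set) instead of
    silently widening or narrowing what would be filtered."""
    nets = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.add(ipaddress.ip_network(line, strict=True))
    return nets

def propose_change(deployed, advisory, in_use):
    """Diff the deployed filter against the advisory feed.

    Nothing is applied: the result is a proposal for a human to approve.
    A new entry that overlaps address space we originate or peer with is
    held back, since filtering it would drop legitimate traffic.
    """
    add = sorted(advisory - deployed)
    remove = sorted(deployed - advisory)
    held = [n for n in add if any(n.overlaps(u) for u in in_use)]
    return {
        "add": [str(n) for n in add if n not in held],
        "remove": [str(n) for n in remove],
        "held_for_review": [str(n) for n in held],
    }

# Constructed sample data (documentation and private ranges only).
DEPLOYED = parse_prefixes("""
10.0.0.0/8        # private space, currently filtered
198.51.100.0/24   # filtered today, no longer listed by the feed
""")
ADVISORY = parse_prefixes("""
10.0.0.0/8
192.0.2.0/24      # newly listed
203.0.113.0/24    # newly listed, but overlaps a prefix we use
""")
IN_USE = parse_prefixes("203.0.113.128/25  # prefix we originate")

if __name__ == "__main__":
    for action, prefixes in propose_change(DEPLOYED, ADVISORY, IN_USE).items():
        print(f"{action}: {', '.join(prefixes) or '-'}")
```

The proposal, not the feed, is what enters the change control system, so an error or compromise at the feed source surfaces as a reviewable diff rather than as a live routing change.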