nanog mailing list archives
Re: soBGP deployment
From: Todd Underwood <todd () renesys com>
Date: Thu, 26 May 2005 06:22:26 -0400
tony, all, On Wed, May 25, 2005 at 04:24:07PM -0700, Tony Li wrote:
Fundamentally, there is a serious scalability issue with doing everything at configuration generation time. Since one cannot predict with certainty what AS paths will be seen for which prefix, one would have to authenticate each and every possible path and then encode the authenticated paths in the configuration.
but you don't really have to do this to solve a big chunk of the problem. wouldn't it be a good start to simply be able to authenticate originations? and by originations, i don't just mean the single AS, but i the set of length-2 paths that form the existing originations for a prefix. the list of all prefixes seen in the global table combined with all origination patterns seen for the past 6 months or so is realively easy to produce. the scalability problem, as i understand it (not at all an expert here) is that routers won't currently handle such a list with regexps very well. apparently, ciscos will not allow filtering advertisements on a combination of prefix + as-path regexp at all and junipers will, but the perception is that they will not scale to a list of 300-500K (which is the union of routes in global tables without any consolidation). if you could consolidate all equally originated prefixes under their covering supernets and still adequately filter, that number would be *much* smaller, obviously. t. -- _____________________________________________________________________ todd underwood director of operations & security renesys - interdomain intelligence todd () renesys com www.renesys.com
Current thread:
- Re: the problems being solved -- or not, (continued)
- Re: the problems being solved -- or not Russ White (May 24)
- Re: the problems being solved -- or not Pete Templin (May 24)
- Re: the problems being solved -- or not Pekka Savola (May 24)
- Re: the problems being solved -- or not Tony Li (May 24)
- Re: soBGP deployment Randy Bush (May 24)
- Re: soBGP deployment Tony Li (May 24)
- Re: soBGP deployment Daniel Karrenberg (May 25)
- Re: soBGP deployment Tony Li (May 25)
- Re: soBGP deployment Jeroen Massar (May 26)
- Re: soBGP deployment william(at)elan.net (May 26)
- Re: soBGP deployment Todd Underwood (May 26)
- Re: soBGP deployment Bill Woodcock (May 26)
- Re: soBGP deployment Bill Woodcock (May 26)
- Re: soBGP deployment Steve Gibbard (May 25)
- Re: soBGP deployment Tony Li (May 25)
- Re: soBGP deployment Steve Gibbard (May 25)
- Re: soBGP deployment Todd Underwood (May 26)
- Re: soBGP deployment Daniel Golding (May 26)
- Re: soBGP deployment Randy Bush (May 26)
- Re: soBGP deployment Tony Li (May 26)
- Re: soBGP deployment william(at)elan.net (May 26)