-------- Original Message --------
From: Jens Ott - Opteamax GmbH <jo@opteamax.de>
Sent: 9 June 2014 16:20:54 CEST
To: Hank Nussbacher <hank@efes.iucc.ac.il>, "João Damas" <joao@bondis.org>, routing-wg@ripe.net, address-policy-wg@ripe.net
Subject: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources

On 9 June 2014 15:53:15 CEST, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
At 14:49 09/06/2014 +0200, João Damas wrote:
Dear all, at the recent RIPE 68 meeting there was a discussion about issues concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and possible modifications to the content of routing-related attributes in RIPE Database objects, namely the routing policy attributes of autnum and as-set objects.
The observed consensus during the meeting was that:
- the RIPE NCC should not remove references to recovered ASNs from import and export lines, and neither from as-set objects; routing policies are the realm of the object owner and are not related to allocation data.
On a related matter, is it possible currently to set up my aut-num so that if anyone adds my autnum to their import/export/as-set objects I would receive a notification about it? Currently the "notify" field only informs me of changes to the specific aut-num, not people who reference my aut-num w/o my permission?
If this is not feasible with the system today, would it be possible to add this feature? I'll explain the rationale: we have recently discovered that hostile aut-nums that intend to perform a BGP hijack will add the victim's aut-num to their routing policy or to their unsuspecting upstream. This policy is then picked up as legitimate and propagated. By having a "notify-on-policy" email address field, I would be able to quickly see who is planning on hijacking my IP ranges.
I fully support your point. I also observed what you told here. Therefore we enhanced our Prefixlist-Generator doing counter-checks if an import statement also has a corresponding export statement. The result is that the prefixlist generation takes about 10 times longer, our caching database grew by a factor of eight (as we now also need to cache autnum objects of child- and grandchild-objects) ...

So a "notify-on-policy", as you called it, would be very appreciated!

BR
Jens
Thanks, Hank
--
Jens Ott
Opteamax GmbH
Simrockstr. 4G
53619 Rheinbreitbach
Tel. +49 2224 969500
Email: jo@opteamax.de
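
The import/export counter-check described in the reply above, as an added example that is not part of the original message and is not Opteamax's generator. It assumes simplified one-line RPSL policy attributes and constructed aut-num objects with documentation ASNs; the function names and the rule that an origin accepted via a peer must itself export to that peer are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed, simplified RPSL using documentation ASNs (RFC 5398).
SAMPLE_DB = """\
aut-num: AS64496
import: from AS64497 accept AS64497
import: from AS64499 accept AS64499 AS64500
import: from AS64501 accept AS64501

aut-num: AS64497
export: to AS64496 announce AS64497

aut-num: AS64499
export: to AS64496 announce AS64499 AS64500

aut-num: AS64500
export: to AS64498 announce AS64500

aut-num: AS64501
"""

POLICY = re.compile(r"^(import|export):\s+(?:from|to)\s+(AS\d+)\s+(?:accept|announce)\s+(.+)$", re.I)

def parse_policies(text):
    """Map each aut-num to {'import'|'export': {peer: set of filter terms}}."""
    db, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.lower().startswith("aut-num:"):
            current = line.split(":", 1)[1].strip().upper()
            db[current] = {"import": defaultdict(set), "export": defaultdict(set)}
        elif current and (m := POLICY.match(line)):
            kind, peer, terms = m.group(1).lower(), m.group(2).upper(), m.group(3)
            db[current][kind][peer].update(terms.upper().split())
    return db

def counter_check(db):
    """Return (importer, peer, origin, reason) for imports with no matching export."""
    findings = []
    for importer, pol in db.items():
        for peer, terms in pol["import"].items():
            if importer not in db.get(peer, {}).get("export", {}):
                findings.append((importer, peer, peer, "peer has no export to importer"))
                continue
            for origin in sorted(t for t in terms if re.fullmatch(r"AS\d+", t) and t != peer):
                # Assumed rule: an origin accepted via the peer must itself export to that peer.
                if peer not in db.get(origin, {}).get("export", {}):
                    findings.append((importer, peer, origin, "origin does not export to peer"))
    return findings
```

The second check is why the origin's own aut-num object has to be fetched as well, which matches the extra caching of child and grandchild objects mentioned in the reply.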