+1 This transmission is intended solely for the addressee(s) shown above. It may contain information that is privileged, confidential or otherwise protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons other than the intended addressee(s) is strictly prohibited. If you have received this transmission in error, please notify this office immediately and e-mail the original at the sender's address above by replying to this message and including the text of the transmission received.
On 2014年6月10日, at 下午12:00, address-policy-wg-request@ripe.net wrote:
Send address-policy-wg mailing list submissions to address-policy-wg@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit https://www.ripe.net/mailman/listinfo/address-policy-wg or, via email, send a message with subject or body 'help' to address-policy-wg-request@ripe.net
You can reach the person managing the list at address-policy-wg-owner@ripe.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of address-policy-wg digest..."
Today's Topics:
1. Re: Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources (Nick Hilliard) 2. Re: Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources (Dimitri I Sidelnikov) 3. Re: Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources (Jens Ott - Opteamax GmbH)
----------------------------------------------------------------------
Message: 1 Date: Mon, 09 Jun 2014 15:40:52 +0100 From: Nick Hilliard <nick@inex.ie> Subject: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources To: Hank Nussbacher <hank@efes.iucc.ac.il>, Jo?o Damas <joao@bondis.org>, routing-wg@ripe.net, address-policy-wg@ripe.net Message-ID: <5395C774.2040403@inex.ie> Content-Type: text/plain; charset=ISO-8859-1
On 09/06/2014 14:53, Hank Nussbacher wrote: On a related matter, is it possible currently to setup my aut-num that if anyone adds my autnum to their import/export/as-set objects I would receive a notification about it? Currently the "notify" field only informs me of changes to the specific aut-num, not people who reference my aut-num w/o my permission?
+1
I'd also like to see when someone includes my autnums or as-sets in their as-sets. This has clobbered me in the past with highly unwelcome changes to production traffic flows.
Nick
------------------------------
Message: 2 Date: Mon, 09 Jun 2014 21:05:39 +0400 From: Dimitri I Sidelnikov <sid@free.net> Subject: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources To: routing-wg@ripe.net, address-policy-wg@ripe.net Message-ID: <5395E963.5030005@free.net> Content-Type: text/plain; charset=UTF-8
I support it.
09.06.2014 16:49, Jo?o Damas ?????:
Dear all, at the recent RIPE 68 meeting there was a discussion about issues concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and possible modifications to the content of routing-related attributes in RIPE Database objects, namely the routing policy attributes of autnum and as-set objects.
The observed consensus during the meeting was that:
- the RIPE NCC should not to remove references to recovered ASNs from import and export lines, and neither from as-set objects; routing policies are the realm of the object owner and are not related to allocation data. - the RIPE NCC will inform the maintainer of the object containing the obsolete reference about this reference. The RIPE NCC will also offer support to the maintainer to delete the reference; - the RIPE NCC will start re-assigning referenced AS numbers once the unreferenced pool of 16-bit AS numbers has been exhausted.
We would like to close the issue and be able to provide clear guidance to the RIPE NCC so we would like to get confirmation for this outcome also from the working group mailing lists. This is not a policy issue: the re-allocation of recovered ASNs was dealt with by the APWG, the current issue is related to alterations to RIPE Database objects that reference the resources subject to re-allocation. We propose a 15 day comment period, ending June 24th 2014.
Sander Steffann, Gert D?ring, Rob Evans, Jo?o Damas
--
Kind regards, --- D.Sidelnikov
------------------------------
Message: 3 Date: Mon, 09 Jun 2014 16:20:54 +0200 From: Jens Ott - Opteamax GmbH <jo@opteamax.de> Subject: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources To: Hank Nussbacher <hank@efes.iucc.ac.il>, Jo?o Damas <joao@bondis.org>, routing-wg@ripe.net, address-policy-wg@ripe.net Message-ID: <3c678c23-376e-4fa7-a0fc-50f3181a4ba9@email.android.com> Content-Type: text/plain; charset=UTF-8
On 9. Juni 2014 15:53:15 MESZ, Hank Nussbacher <hank@efes.iucc.ac.il> wrote: At 14:49 09/06/2014 +0200, Jo?o Damas wrote:
Dear all, at the recent RIPE 68 meeting there was a discussion about issues concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and possible modifications to the content of routing-related attributes in
RIPE Database objects, namely the routing policy attributes of autnum and as-set objects.
The observed consensus during the meeting was that:
- the RIPE NCC should not to remove references to recovered ASNs from import and export lines, and neither from as-set objects; routing policies are the realm of the object owner and are not related to allocation data.
On a related matter, is it possible currently to setup my aut-num that if anyone adds my autnum to their import/export/as-set objects I would receive a notification about it? Currently the "notify" field only informs me of changes to the specific aut-num, not people who reference my aut-num w/o my permission?
If this is not feasible with the system today, would it be possible to add this feature? I'll explain the rationale: we have recently discovered that hostile aut-num's that intend to perform a BGP hijack, will add the victims aut-num to their routing policy or to their unsuspecting upstream. This policy is then picked up as legitimate and propogated. By having a "notify-on-policy" email address field, I would be able to quickly see who is planning on hijacking my IP ranges.
Comments?
I fully support your point. I also observed what you told here. Therefore we enhanced our Prefixlist-Generator doing counter-checks if an import statement also have a corresponding export - statement. Result is, that the prefixlist generation takes about 10 times longer, our caching database grew by factor eight (as we now also need to cache autnum objects of child- and grandchild-objects) ...
So a "notify-on-policy" - how you called it - would be very appreciated!
BR Jens
Thanks, Hank
!DSPAM:637,5395bdec188062364380171!
-- Jens Ott Opteamax GmbH Simrockstr. 4G 53619 Rheinbreitbach Tel. +49 2224 969500 Email: jo@opteamax.de
End of address-policy-wg Digest, Vol 34, Issue 10 *************************************************