On 9 May 2011 14:02, Gert Doering <gert@space.net> wrote:
Hi,
On Thu, May 05, 2011 at 05:11:33AM -0400, Martin Millnert wrote:
"Considering invalid routes for BGP decision process is a pure ***local policy matter*** and should be done with utmost care." (Emphasis mine)
I am hoping you can give some practical examples on how one goes about considering routes invalid with utmost care.
You could, for example, adjust routing preference in accordance to the availability of an RPKI signature
Yes, this is a good use for RPKI from a technical PoV it means that those routes that are signed are given a better chance of attracting the traffic... ... but some would say that splitting your networking to /24 for traffic management purposes is good from a technical PoV. I like the idea of the contents of the DB being signed so people can check the accuracy (and validity) of the contents - what I don't like is the move to an automated on router solution that checks for validity on the fly (and that seems to be where people want this to go) because that leads to a system where someone controlling the source of the data can then influence my routing decisions. Maybe its the fact that RIPE are providing the full solution as well as the ability to publish the information thats the issue, if rather than the NCC creating a tool for validation it just published the keys and the software tools for people to do the validation themselves then I might be happier. J -- James Blessing 07989 039 476