Hi Ronald On 21/11/2016 02:46, Ronald F. Guilmette wrote:
OK, so this all is starting to make a little bit more sense now, however I am still puzzled. If I've understood correctly, then RIPE-NCC-RPSL-MNT was depreciated starting in 2004. And there is
No. The MNTNER 'ripe-ncc-none-mnt' was deprecated in 2004 and any object referencing only that MNTNER was locked at that time. The MNTNER 'ripe-ncc-rpsl-mnt' is still in use now as a means of bypassing authorisation for out of region resources to allow these ROUTE objects to be created in the RIPE Database.
even a comment block in the WHOIS record for RIPE-NCC-RPSL-MNT telling people NOT to use that. And it appears that that comment, and indeed the entire record for RIPE-NCC-RPSL-MNT were last modified way back in 2006. So would I be correct if I said that people were told, very explicitly, not to use RIPE-NCC-RPSL-MNT anymore, starting from around the 2004-2006 time frame? And if everbody was told that, explicitly, for the last 10+ years, then why were people still using that handle as the mnt-by on their newly created route objects... and why were they even -allowed- to continue using that... right up until as recently as 2016-03-12?
The comment says "Do NOT use this maintainer as 'mnt-by'". It was never intended to be used in that way but many people did as a convenience. Early this year users were prevented from using this MNTNER in the "mnt-by:" attributes of other objects and any objects that still referenced it were locked. The comment also says descr: This maintainer may be used to create objects to represent descr: routing policy in the RIPE Database for number resources not descr: allocated or assigned from the RIPE NCC. This still IS the intended use of this MNTNER object.
I mean I understand that often times, not everybody "gets the memo" telling them "Don't do that anymore. Do this new thing instead." So, people being people, if you allow them to keep on doing the old thing, some of them inevitably will. The real mystery is why RIPE NCC effectively depreciated the use of RIPE-NCC-RPSL-MNT more than ten years ago, but then continued to allow people to use it anyway, apparently until just earlier this year.
I understand the concept of a "grace period" and of a "transition period", but TEN YEARS?? Wasn't that a bit, um, excessive?
In short, I'm not sure I understand why -new- uses of RIPE-NCC-RPSL-MNT were not simply made impossible on the day in 2004 when it was finally resolved that RIPE-NCC-RPSL-MNT should indeed be retired, going forward.
But I guess that's all water under the bridge now. I'm just saying that it doesn't make a lot of sense to me. But then I wasn't there at the time, so maybe in some obscure way it seemed to make sense at the time... and for 10+ year therafter, apparently.
Anyway, my real concern, which you didn't address, is still this one:
ME: You should not be allowing your peer/customer to announce route A.B.C.D/nn.
HIM: We filter by using the RIPE route registry. There is a route object in the RIPE data base that says that our peer/customer can announce A.B.C.D/nn.
I am concerned that in some cases the RIPE data base contains some route objects that should not have been allowed in there in the first place, and that to make matters worse, some of these now have mnt-by set to RIPE-NCC-LOCKED-MNT which has _two_ possible ill effects, i.e. (1) it hides the identity of the party who put the route object into the data base in the first place and (2) it in effect freezes in place some improper route objects that should never have gotten into the data base in the first place. And in some cases, for some of the providers who may be checking the routes that they either originate or pass against the RIPE data base, this may have the effect of permanently legitimizing bogus and perhaps even illicit routes.
I would like to know if anyone other than me thinks this might be an issue. I mean how will the bogus route objects ever be removed if they are set to RIPE-NCC-LOCKED-MNT?
Am I correct that at the current point in time, nobody actually even knows for sure who actually put the former RIPE-NCC-RPSL-MNT and now RIPE-NCC-LOCKED-MNT route objects into the data base and that thus, nobody even knows for sure who to ask whether or not those are even still needed or whether any of them are of any onoing usefulness?
See my previous response.
I don't imagine that at this point in time anyone has the stomach for simply purging all of the RIPE-NCC-LOCKED-MNT routes out of the data base (because there would probably be blood in the streets if that happened)
Many of these objects are there for a valid reason. cheers denis
but I again, looking back with 20/20 hindsight, it would appear that the task could have been made a lot less onerous all around if direct use of either RIPE-NCC-RPSL-MNT and/or RIPE-NCC-LOCKED-MNT by anyone other than NCC staff had simply been disallowed starting back 12 years ago.
(Oh! And while I'm at it, I'd also like to suggest that aluminum-powder based paint should not be used to coat the outside of the Hindenburg zeppelin, and that the Titanic be outfitted with a bigger rudder.)
Regards, rfg