[lacnog] Propuesta para crear un IRR en LAC mantenido por LACNIC / Proposal to create an IRR in LAC maintained by LACNIC
Rubens Kuhl
rubensk en gmail.com
Vie Ene 12 17:30:20 BRST 2018
On Fri, Jan 12, 2018 at 5:11 PM, Job Snijders <job en ntt.net> wrote:
> On Fri, Jan 12, 2018 at 05:00:04PM -0200, Rubens Kuhl wrote:
> > > Por cierto, muchos (prácticamente todos) otros RIRs ya brindan ese
> > > servicios a sus miembros y las alternativas disponibles (como RADb)
> > > implican un costo anual de aprox US$500 que no todos los ISP pueden
> > > pagar (sobre todo los más pequeños).
> >
> > bgp.net.br provides IRR services for Brazilian networks for free, as
> > does AltDB for networks from everywhere.
>
> A challenge with databases like ALTDB and RADB is that there is no
> verification whether a route object actually was created by the owner of
> the IP space, or by some random person. Virtually anyone can create
> virtually anything in these databases.
>
That's not the case of bgp.net.br, because it is strictly tied to contacts
in the Brazilian IP space registry.
> Therefor, 'Third party' databases like the above may not be an ideal
> substitute for what an RIR could offer its members. RIRs are in a unique
> position to couple the 'ownership' of a block to certain actions, this
> is what happens in RPKI. APNIC is a good example of this: only the owner
> of an IP block (or a designated authorized person) can create route
> objects.
>
And as bgp.net.br shows, this can be done either by the RIR itself
providing IRR services, or by someone else strictly following RIR published
data. Both methods work.
>
> I wonder what real problem is being solved by creating a LACNIC IRR: is
> the trouble that some IP carriers cannot query the RPKI (and thus need
> that data in IRR format?) - or is the problem that things are done in
> IRR that cannot be done in RPKI? More insight into the motivations
> behind this request would be helpful.
>
>
RPKI has a know limitation regarding path validation. Origin validation is
the main feature of RPKI, but that address some mostly unusual cases like
the Pakistan/Youtube issue (IGP to EGP redistribution). Most real life
problems occur when people redistribute BGP to BGP creating paths that
cause issues, and that's something current RPKI can't address.
Rubens
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20180112/6517b50b/attachment-0001.html>
Más información sobre la lista de distribución LACNOG