[lacnog] Propuesta para crear un IRR en LAC mantenido por LACNIC / Proposal to create an IRR in LAC maintained by LACNIC
Luis Balbinot
luis en luisbalbinot.com
Dom Ene 14 22:46:38 BRST 2018
With all due respect, both AltDB and bgp.net.br are unreliable. They lack
response time and although they are replicated elsewhere some upstreams
won’t accept prefixes coming from them. Tata, for example, will only accept
prefixes from RADB and other accredited IRRs (ARIN, RIPE, etc). If LACNIC
deploys it’s own IRR there’s a higher chance those upstreams will start
accepting it.
Unfortunately, IRR is still the best operational solution that is globally
accepted. RPKI is nice, but won’t replace IRR because there’s a lot of
powerful tools around RPSL.
Luis
On Fri, 12 Jan 2018 at 17:30 Rubens Kuhl <rubensk en gmail.com> wrote:
> On Fri, Jan 12, 2018 at 5:11 PM, Job Snijders <job en ntt.net> wrote:
>
>> On Fri, Jan 12, 2018 at 05:00:04PM -0200, Rubens Kuhl wrote:
>> > > Por cierto, muchos (prácticamente todos) otros RIRs ya brindan ese
>> > > servicios a sus miembros y las alternativas disponibles (como RADb)
>> > > implican un costo anual de aprox US$500 que no todos los ISP pueden
>> > > pagar (sobre todo los más pequeños).
>> >
>> > bgp.net.br provides IRR services for Brazilian networks for free, as
>> > does AltDB for networks from everywhere.
>>
>> A challenge with databases like ALTDB and RADB is that there is no
>> verification whether a route object actually was created by the owner of
>> the IP space, or by some random person. Virtually anyone can create
>> virtually anything in these databases.
>>
>
> That's not the case of bgp.net.br, because it is strictly tied to
> contacts in the Brazilian IP space registry.
>
>
>> Therefor, 'Third party' databases like the above may not be an ideal
>> substitute for what an RIR could offer its members. RIRs are in a unique
>> position to couple the 'ownership' of a block to certain actions, this
>> is what happens in RPKI. APNIC is a good example of this: only the owner
>> of an IP block (or a designated authorized person) can create route
>> objects.
>>
>
> And as bgp.net.br shows, this can be done either by the RIR itself
> providing IRR services, or by someone else strictly following RIR published
> data. Both methods work.
>
>
>>
>> I wonder what real problem is being solved by creating a LACNIC IRR: is
>> the trouble that some IP carriers cannot query the RPKI (and thus need
>> that data in IRR format?) - or is the problem that things are done in
>> IRR that cannot be done in RPKI? More insight into the motivations
>> behind this request would be helpful.
>>
>>
> RPKI has a know limitation regarding path validation. Origin validation is
> the main feature of RPKI, but that address some mostly unusual cases like
> the Pakistan/Youtube issue (IGP to EGP redistribution). Most real life
> problems occur when people redistribute BGP to BGP creating paths that
> cause issues, and that's something current RPKI can't address.
>
>
> Rubens
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20180115/3dea6649/attachment.html>
Más información sobre la lista de distribución LACNOG