[lacnog] Propuesta para crear un IRR en LAC mantenido por LACNIC / Proposal to create an IRR in LAC maintained by LACNIC

Rubens Kuhl rubensk at gmail.com
Sun Jan 14 23:53:33 BRST 2018


On Sun, Jan 14, 2018 at 10:46 PM, Luis Balbinot <luis at luisbalbinot.com>
wrote:

> With all due respect, both AltDB and bgp.net.br are unreliable. They lack
> response time and although they are replicated elsewhere some upstreams
> won’t accept prefixes coming from them. Tata, for example, will only accept
> prefixes from RADB and other accredited IRRs (ARIN, RIPE, etc).
>

http://www.irr.net/docs/list.html#RADB mentions that RADB mirrors ALTDB,
bgp.net.br and others. Does Tata use source selection on RADB data?



> If LACNIC deploys its own IRR there’s a higher chance those upstreams
> will start accepting it.
>

If someone is indeed doing IRR source selection, I understand why not
accepting ALTDB, but bgp.net.br does such a strict validation of
maintainers and objects that it's as trustworthy as if operated by the
IP registry itself.

Which doesn't preclude LACNIC from providing such a service if they feel
like it, but the


>
> Unfortunately, IRR is still the best operational solution that is globally
> accepted. RPKI is nice, but won’t replace IRR because there’s a lot of
> powerful tools around RPSL.
>
>
What I would like to see is an IRR/RPKI combo where RPKI is used to sign a
reference to an IRR where the ASN keeps updated and reliable data. For instance a
signed object that would list TC for bgp.net.br, RADB, ARIN, RIPE etc.,
that an autonomous system would only include in the DFZ after confirming
all data related to those number resources are correctly recorded. So if an
IRR operator goes stale, that ASN could publish in a different IRR; if
someone rogue publishes fake data in one other IRR, it doesn't matter since
the RPKI-signed object says to look up at a specific repository.

An IANA registry could point IRR names to specific URLs and hashes, in
order to keep data verifiable down the chain.


Rubens
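
A sketch of the source selection discussed in this message, as an added example that is not part of the original post: route objects are accepted only from the IRR sources an origin ASN has vouched for, with a static source list as fallback for ASNs that published nothing. `SIGNED_POINTERS`, `FALLBACK_SOURCES` and both function names are hypothetical, the dump is constructed, and RPKI signature validation of the pointer is assumed to have happened before this step.

```python
# Constructed sample: RPSL route objects from a mirrored multi-source IRR dump.
IRR_DUMP = """\
route:   192.0.2.0/24
origin:  AS64500
source:  TC

route:   203.0.113.0/24
origin:  AS64500
source:  ALTDB

route:   198.51.100.0/24
origin:  AS64501
source:  RADB

route:   198.51.100.0/24
origin:  AS64501
source:  ALTDB
"""

# Hypothetical stand-in for the signed pointer: origin ASN -> IRR sources it
# vouches for. Signature validation is assumed to be done already.
SIGNED_POINTERS = {"AS64500": {"TC"}}
# Static source selection applied to ASNs that published no pointer (assumption).
FALLBACK_SOURCES = {"RADB", "ARIN", "RIPE"}

def parse_rpsl(text):
    """Split a dump into blank-line separated objects of lower-cased attributes."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line[0].isspace():  # skip continuation lines
                obj.setdefault(key.strip().lower(), value.strip())
        if "route" in obj or "route6" in obj:
            objects.append(obj)
    return objects

def select_routes(objects, pointers, fallback):
    """Return (accepted, rejected) lists of (prefix, origin, source) tuples."""
    accepted, rejected = [], []
    for obj in objects:
        origin = obj.get("origin", "").upper()
        source = obj.get("source", "").upper()
        entry = (obj.get("route") or obj.get("route6"), origin, source)
        trusted = pointers.get(origin, fallback)  # pointer wins over static list
        (accepted if source in trusted else rejected).append(entry)
    return accepted, rejected
```

Changing the pointer for AS64500 from `{"TC"}` to another source models the "IRR operator goes stale" case: the same dump then yields a different accepted set without any change to the filter logic.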