<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jan 12, 2018 at 5:11 PM, Job Snijders <span dir="ltr"><<a href="mailto:job@ntt.net" target="_blank">job@ntt.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Fri, Jan 12, 2018 at 05:00:04PM -0200, Rubens Kuhl wrote:<br>
> > Por cierto, muchos (prácticamente todos) otros RIRs ya brindan ese<br>
> > servicios a sus miembros y las alternativas disponibles (como RADb)<br>
> > implican un costo anual de aprox US$500 que no todos los ISP pueden<br>
> > pagar (sobre todo los más pequeños).<br>
><br>
> <a href="http://bgp.net.br" rel="noreferrer" target="_blank">bgp.net.br</a> provides IRR services for Brazilian networks for free, as<br>
> does AltDB for networks from everywhere.<br>
<br>
</span>A challenge with databases like ALTDB and RADB is that there is no<br>
verification whether a route object actually was created by the owner of<br>
the IP space, or by some random person. Virtually anyone can create<br>
virtually anything in these databases.<br></blockquote><div><br></div><div>That's not the case of <a href="http://bgp.net.br">bgp.net.br</a>, because it is strictly tied to contacts in the Brazilian IP space registry. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Therefor, 'Third party' databases like the above may not be an ideal<br>
substitute for what an RIR could offer its members. RIRs are in a unique<br>
position to couple the 'ownership' of a block to certain actions, this<br>
is what happens in RPKI. APNIC is a good example of this: only the owner<br>
of an IP block (or a designated authorized person) can create route<br>
objects.<br></blockquote><div><br></div><div>And as <a href="http://bgp.net.br">bgp.net.br</a> shows, this can be done either by the RIR itself providing IRR services, or by someone else strictly following RIR published data. Both methods work. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I wonder what real problem is being solved by creating a LACNIC IRR: is<br>
the trouble that some IP carriers cannot query the RPKI (and thus need<br>
that data in IRR format?) - or is the problem that things are done in<br>
IRR that cannot be done in RPKI? More insight into the motivations<br>
behind this request would be helpful.<br>
<div class="HOEnZb"><div class="h5"><br></div></div></blockquote><div><br></div><div>RPKI has a know limitation regarding path validation. Origin validation is the main feature of RPKI, but that address some mostly unusual cases like the Pakistan/Youtube issue (IGP to EGP redistribution). Most real life problems occur when people redistribute BGP to BGP creating paths that cause issues, and that's something current RPKI can't address. </div><div><br></div><div><br></div><div>Rubens</div><div><br></div><div><br></div></div></div></div>