AS8584 taking over the internet


I believe that the implication was that: 1) they're not directly
connected to any of the major _US_ backbones, and 2) they're on the
other end of a fairly thin hose.

And they can _still_ hose things this badly.

This speaks not well of the architecture involved.

No, no, it speaks _well_ for the architecture - equal opportunity
hosage! There is no backone-hasage cabale; all that enter into bgp
relationships can have a shot at hurting the net...

  - yes, filters are Good. customers, especially if new to complicated
    things, should have both as-path and prefix filters placed against
    them. the questions to ask oneself regarding peers is "how clueful
    are they, really? and do their procedures allow only these clueful
    into the boxes? am I willing to tie my performance/reliability/
    reputation to theirs in this intimate a fashion? are my bosses
    willing to do so? " People like to think in terms of the first
    question, not the last two.
  - yes, the IRR is good (and yes, their PGP implementation works);
    giving third parties the ability to verify your organization's
    "routing intent" cannot be construed as bad -- the data is publicly
    visible. there's nothing to hide.
  - yes, filtering doesn't mean not pushing IRR (or other forms of
    distributed data) on folks. IRR (or ...) doesn't mean not trying
    to more closely tie authentication/verification vs realtime; present
    tools are config-only, which aren't dynamic enough for the real net.