I don't think ARIN can help the situation. ISPs just need to remove the
access lists from each router in the network and centralize them.
I totally agree with you. However, as always, while centralized systems
ease management and scalability, everything becomes a trust issue and a
single point of failure or source of problems...
Yeah, who would you trust to maintain a centralized database of IP address
ranges?
Maybe this could be a subscription-based type of service, something like
RADB, where everyone subscribes to a central filtering list that is
managed by a separate organization?
Yup, you're right. This should be done by a 3rd party organization, not an
ISP. I wonder whether there are any 3rd party organizations trusted by
ISPs that have experience in maintaining a database of IP address ranges?
ARIN, perhaps?
I really like Rob's bogon route-server setup.
That's probably because you are a router geek. I have nothing against
Rob's setup but I know that the vast majority of geeks know nothing about
route-servers and have no incentive to learn about them. But they all know
what LDAP is, some of them already run LDAP servers and the rest probably
plan to learn more about LDAP some day. We could leverage that widespread
knowledge of LDAP by publishing route data (or any other data regarding
attributes of IP address ranges) using the IETF standard LDAPv3 protocol.
In fact, I know that Rob is considering setting up an LDAP server as an
alternative way to offer bogon data. I think this is a great idea as a
testbed, i.e. offer the data through many protocols and see which is most
popular. However, I think that when it does become popular, it needs to
be integrated with ARIN's authoritative database of IP address
delegations.
-- Michael Dillon