[db-wg] out of region routing in the RIPE Database
- Previous message (by thread): [db-wg] out of region routing in the RIPE Database
- Next message (by thread): Whois Master Database Patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Clement Cavadore
clement at cavadore.net
Mon Aug 14 22:04:25 CEST 2017
On Tue, 2017-07-18 at 15:26 +0200, Nick Hilliard via db-wg wrote: > > I am not in favour of having the RIPE database as an open-access > database on the basis that this mixes up two sets of data, > authoritative > and non-authoritative, and it it is impossible for someone casually > querying the database to determine which is which. > > Some people are inserting random route: objects into the database, and > those route: objects are being picked up by provisioning systems and > ending up configured on routers and IXP route servers. This enables > prefix hijacking, which is a pressing operational issue. I agree with Nick's position. It legitimates what seems to be rogue announcements, like for example 196.16.0.0/14, as mentionned recently on the NANOG mailing list (*). We should, IMHO not be able to insert out of region route(6) object without having a prior authentication mechanism, or making it be specially flagged, so the auto ACL system from upstreams wouldnt match it. (*) https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html -- Clément Cavadore -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: This is a digitally signed message part URL: <https://lists.ripe.net/ripe/mail/archives/db-wg/attachments/20170814/e1ec51b8/attachment.sig>
- Previous message (by thread): [db-wg] out of region routing in the RIPE Database
- Next message (by thread): Whois Master Database Patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]