[routing-wg] Fwd: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Previous message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Opteamax RIPE-Team
ripe at opteamax.de
Mon Jun 9 16:23:03 CEST 2014
-------- Ursprüngliche Nachricht -------- Von: Jens Ott - Opteamax GmbH <jo at opteamax.de> Gesendet: 9. Juni 2014 16:20:54 MESZ An: Hank Nussbacher <hank at efes.iucc.ac.il>, "João Damas" <joao at bondis.org>, routing-wg at ripe.net, address-policy-wg at ripe.net Betreff: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources On 9. Juni 2014 15:53:15 MESZ, Hank Nussbacher <hank at efes.iucc.ac.il> wrote: >At 14:49 09/06/2014 +0200, João Damas wrote: >>Dear all, >>at the recent RIPE 68 meeting there was a discussion about issues >>concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and >>possible modifications to the content of routing-related attributes in > >>RIPE Database objects, namely the routing policy attributes of autnum >and >>as-set objects. >> >>The observed consensus during the meeting was that: >> >>- the RIPE NCC should not to remove references to recovered ASNs from >>import and export lines, and neither from as-set objects; routing >policies >>are the realm of the object owner and are not related to allocation >data. > >On a related matter, is it possible currently to setup my aut-num that >if >anyone adds my autnum to their import/export/as-set objects I would >receive >a notification about it? Currently the "notify" field only informs me >of >changes to the specific aut-num, not people who reference my aut-num >w/o my >permission? > >If this is not feasible with the system today, would it be possible to >add >this feature? I'll explain the rationale: we have recently discovered >that >hostile aut-num's that intend to perform a BGP hijack, will add the >victims >aut-num to their routing policy or to their unsuspecting upstream. >This >policy is then picked up as legitimate and propogated. By having a >"notify-on-policy" email address field, I would be able to quickly see >who >is planning on hijacking my IP ranges. > >Comments? > I fully support your point. I also observed what you told here. Therefore we enhanced our Prefixlist-Generator doing counter-checks if an import statement also have a corresponding export - statement. Result is, that the prefixlist generation takes about 10 times longer, our caching database grew by factor eight (as we now also need to cache autnum objects of child- and grandchild-objects) ... So a "notify-on-policy" - how you called it - would be very appreciated! BR Jens >Thanks, >Hank > > > > > >!DSPAM:637,5395bdec188062364380171! -- Jens Ott Opteamax GmbH Simrockstr. 4G 53619 Rheinbreitbach Tel. +49 2224 969500 Email: jo at opteamax.de -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20140609/91966f58/attachment.html>
- Previous message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
- Next message (by thread): [routing-wg] [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]