On Jul 2, 2015, at 12:05 PM, Sascha Luck [ml] <dbwg@c4inet.net> wrote:
On Thu, Jul 02, 2015 at 11:42:12AM +0200, Alex Band wrote:
Thanks for sharing your experiences George.
I'm curious to hear from our Community about what they think about this mode of operation; simply create the route object on the inetnum holder's authorisation alone, inform the ASN holder that it was created and only remove the object if they object.
It would simplify the authorisation model tremendously and save a lot of frustration and customer support tickets.
Seeing that APNIC has positive experiences, would our Community support such an approach considering the up and downsides?
Works for me. It's within the authority of the prefix holder to decide whom to allow to advertise the prefix. If the ASN holder doesn't want to advertise it, don't.
Out of interest, do you propose to automate the removal of disputed route: objects? How would that be authorised if maintained solely by the inetnum: maintainer?
The same authorisation that is currently required to do pre-approval of the ASN side of route object creation, could be used to allow 'post-deletion'. I.e. even though there would be no mnt-by for the ASN holder, they would be able to delete the object provided they have access to the relevant aut-num maintainer (mnt-by, mnt-routes). This way the ASN holder could use existing APIs and web-updates to delete the object in response to the notification of the route object creation (we can easily include a link to web updates). ASNs that want to be more restrictive could even automate querying the database for route objects with their ASN in the "origin:" and delete unwanted objects they find. Regards, Tim Bruijnzeels
rgds, Sascha Luck