Von: Jens Ott - Opteamax GmbH <jo@opteamax.de>
Gesendet: 9. Juni 2014 16:20:54 MESZ
An: Hank Nussbacher <hank@efes.iucc.ac.il>, "João Damas" <joao@bondis.org>, routing-wg@ripe.net, address-policy-wg@ripe.net
Betreff: Re: [address-policy-wg] Re-issue of reclaimed 16bit ASNs and modifications to references in routing policy to these resources
On 9. Juni 2014 15:53:15 MESZ, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
At 14:49 09/06/2014 +0200, João Damas wrote:
Dear all,
at the recent RIPE 68 meeting there was a discussion about issues
concerning the re-issue of recovered 16-bit ASNs by the RIPE NCC and
possible modifications to the content of routing-related attributes in
RIPE Database objects, namely the routing policy attributes of autnum
and
as-set objects.
The observed consensus during the meeting was that:
- the RIPE NCC should not to remove references to recovered ASNs from
import and export lines, and neither from as-set objects; routing
policies
are the realm of the object owner and are not related to allocation
data.
On a related matter, is it possible currently to setup my aut-num that
if
anyone adds my autnum to their import/export/as-set objects I would
receive
a notification about it? Currently the "notify" field only informs me
of
changes to the specific aut-num, not people who reference my aut-num
w/o my
permission?
If this is not feasible with the system today, would it be possible to
add
this feature? I'll explain the rationale: we have
recently discovered
that
hostile aut-num's that intend to perform a BGP hijack, will add the
victims
aut-num to their routing policy or to their unsuspecting upstream.
This
policy is then picked up as legitimate and propogated. By having a
"notify-on-policy" email address field, I would be able to quickly see
who
is planning on hijacking my IP ranges.
Comments?
I fully support your point. I also observed what you told here. Therefore we enhanced our Prefixlist-Generator doing counter-checks if an import statement also have a corresponding export - statement. Result is, that the prefixlist generation takes about 10 times longer, our caching database grew by factor eight (as we now also need to cache autnum objects of child- and grandchild-objects) ...
So a "notify-on-policy" - how you called it - would be very appreciated!
BR Jens
Thanks,
Hank
!DSPAM:637,5395bdec188062364380171!
--
Jens Ott
Opteamax GmbH
Simrockstr. 4G
53619 Rheinbreitbach
Tel. +49 2224 969500
Email: jo@opteamax.de