In message <19970528090307.29708.qmail@pool.pipex.net>, Tony Barber writes:
Tony,
A lot of these are registered in the IRR as aggregates. Most of the more specifics are not registered. Filtering on IRR content would also keep aggregation leaks out if you have routers that can do it.
Curtis, sure but as Janos said there is nothing to stop people registering daft routes :-/
Tony
Wouldn't hierarchical authorization optionally based on the IP number registry where that information was readily available be a nice feature. :)

The idea behind filtering on IRR registered prefixes is you filter on what each provider intended to announce. If they leak components from an aggregate no harm is done as long as the aggregate is properly formed by at least one of their border routers. If a provider announces something they shouldn't (or their customer does and they pass it along) and never intended to (as in the recent well known incident) it does no harm.

The cases cited in the prior mail on this thread look like broken aggregates, that is ones that someone wanted to configure but somehow didn't get it right or somehow broke it along the way.

We try to summarize what looks like broken aggregates. The latest is at:

http://engr.ans.net/route-dumps/970528/overlap-summary.html

If you filter on IRR registered prefixes you will eliminate about 5,000 to 7,500 prefixes that are overlapped by announced aggregates. The report above (overlap-summary.html) lists 205 aggregates that are registered in the IRR but are not being announced, these overlap 832 prefixes that are not registered in the IRR. If these 205 aggregates get announced, the 832 prefixes (that aren't registered) truly aren't needed.

Curtis

btw - the latest list of announced but unregistered prefixes is at:

http://engr.ans.net/route-dumps/970528/

There are 417 origin AS covering 2,559 unregistered but announced prefixes (actually prefixes with more than one origin are counted twice - consider that a bug).

In the latest routing dump there were 50,556 prefix/as-path pairs and 43,307 unique prefixes, up from 44,147 and 40,478. This seems to be mostly aggregates that were recently broken. The "overlapped by announced aggregates" count dropped from 7,523 to 5,811. This seems to indicate that quite a few aggregates got broken.

There were also 813 prefix lengths > 24 and 15 announced prefixes overlapping reserved prefixes or unallocated space.

It seems that if the increase from 40,478 to 43,307 are broken aggregates, a lot of the broken aggregates must have the components registered in the IRR as well. (This might be motivation for a "is this component really needed" report).
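
An added illustration, not part of the original message and not the tooling behind the ANS reports: a short Python sketch of the bookkeeping described above, sorting announced prefixes into "registered", "unregistered but overlapped by an announced aggregate", "unregistered with a registered aggregate that is not announced", and "longer than /24". It assumes the filter is an exact match against registered prefixes; the function names and the sample prefixes are constructed for the example.

```python
import ipaddress

def covering(prefix, candidates):
    """Less-specific networks in candidates that contain prefix."""
    return [c for c in candidates
            if c.version == prefix.version
            and c.prefixlen < prefix.prefixlen
            and prefix.subnet_of(c)]

def irr_filter_report(announced, registered, max_len=24):
    """Sort announced prefixes into the buckets the message counts.

    Assumption: the filter accepts only exact matches with registered routes.
    """
    ann = {ipaddress.ip_network(p) for p in announced}
    reg = {ipaddress.ip_network(p) for p in registered}
    accept, covered, uncovered, too_long = [], [], [], []
    unannounced_aggs = {}  # registered aggregate -> unregistered components
    order = lambda n: (n.version, n.network_address, n.prefixlen)
    for p in sorted(ann, key=order):
        if p.prefixlen > max_len:
            too_long.append(str(p))
        if p in reg:  # registered as announced: passes the filter
            accept.append(str(p))
            continue
        aggs = covering(p, reg)  # everything from here on is dropped by the filter
        if any(a in ann for a in aggs):
            covered.append(str(p))  # still reachable via the announced aggregate
        elif aggs:
            for a in aggs:  # reachable only once the aggregate is announced
                unannounced_aggs.setdefault(str(a), []).append(str(p))
        else:
            uncovered.append(str(p))  # dropped with no registered aggregate covering it
    return {"accept": accept,
            "covered_by_announced_aggregate": covered,
            "registered_aggregate_not_announced": unannounced_aggs,
            "unregistered_no_aggregate": uncovered,
            "longer_than_max_len": too_long}

# Constructed sample data (private address space, not taken from the route dumps).
REGISTERED = ["10.1.0.0/16", "10.2.0.0/16", "10.3.4.0/24"]
ANNOUNCED = ["10.1.0.0/16", "10.1.5.0/24", "10.1.5.128/25",
             "10.2.7.0/24", "10.3.4.0/24", "10.9.0.0/24"]

if __name__ == "__main__":
    for bucket, members in irr_filter_report(ANNOUNCED, REGISTERED).items():
        print(f"{bucket}: {members}")
```

The "registered_aggregate_not_announced" bucket is the case to check before turning the filter on: those components lose reachability until the registered aggregate is actually announced.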