Why not look at the existing BGP policy tools we have today in 12.0S, 12.2S, Junos, and IOX to see if it can be a configurable policy - if it is not - draft a new feature description. You've got both vendors here. I've done this in other SP Security forums. There are some things on this list that are interesting ideas - but out of context of how the various flavors of routing software in the industry work. There are other things - like this routing policy idea - that can be walked through to the point where we have new tools added to vendors' security toolkits.
-----Original Message-----
From: Mike Hughes [mailto:mike@linx.net]
Sent: Wednesday, October 12, 2005 7:37 AM
To: Barry Greene (bgreene)
Cc: routing-wg@ripe.net
Subject: RE: [routing-wg]Routing Aggregation Policy
--On 12 October 2005 06:41 -0700 "Barry Greene (bgreene)" <bgreene@cisco.com> wrote:
How would you enforce a policy like this (Other than peer pressure)?
Okay, judging from some of the messages I've had privately, as well as this one, I obviously didn't make myself clear.
As an enforceable policy this FAILED.
The LINX members voted to reject any sort of interference in/policing of their routing, for a number of reasons.
Once it had failed, I was given an action by the LINX General Meeting to take the bones of the failed policy, as it stood at the time of the rejection, and offer it to the RIPE routing-wg as the basis for a Best Practice document, which by nature is non-enforceable.
Cheers,
Mike
--
Mike Hughes
Chief Technical Officer
London Internet Exchange
mike@linx.net http://www.linx.net/
"Only one thing in life is certain: init is Process #1"