On Mon, Jul 09, 2007 at 02:31:10PM +0800, Randy Bush wrote:
>
> > following existing BCPs with currently-deployed
> > techniques/functionality/features would have prevented the issue
> > described in the post.
>
> knowing that level(3) is one of the most serious deployments of
> irr-based route filters and other prudent practices, perhaps we should
> wait for a post mortem from level(3) before jumping to conclusions?
>
> randy

Level3's filter implementation is indeed well-done, however, the fact remains that the IRR (which I use and endorse) has no linkage to any other source of information for purposes of validation. It's fundamentally garbage in, garbage out. Say some ISP has a provisioning tool which updates their router configs and the IRR in one fell swoop. If the provisioner makes a typo the IRR will gladly accept the entry for, say, 12/8, and the upstream will rebuild their filters with that entry automatically and you get the same result. There's no magic bullet in updating BGP if a fundamental, verifiable data model is not accepted and agreed upon.

Tony
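
Added example, not part of the original message or any operator's tooling: a sketch of the failure mode described above, where a filter built straight from IRR route objects accepts a mistyped 12/8, next to the same build with a cross-check against a second data source. The route objects, the AS number and the `ALLOCATIONS` table are constructed, and the table is a hypothetical stand-in for the verifiable data model the message says is missing.

```python
import ipaddress

# Constructed RPSL route objects, as a provisioning tool might register them.
# The second object is the typo case from the message: 12/8.
IRR_OBJECTS = """\
route:   192.0.2.0/24
origin:  AS64500

route:   12.0.0.0/8
origin:  AS64500

route:   198.51.100.0/24
origin:  AS64500
"""

# Hypothetical authoritative allocation data (assumption: the IRR has no such link).
ALLOCATIONS = {"AS64500": ["192.0.2.0/24", "198.51.100.0/24"]}

def parse_routes(text):
    """Return (prefix, origin) pairs from RPSL route objects."""
    routes, prefix = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "route":
            prefix = ipaddress.ip_network(value)
        elif key == "origin" and prefix is not None:
            routes.append((prefix, value))
            prefix = None
    return routes

def build_filter(routes):
    """IRR-only filter build: every registered object is trusted as-is."""
    return [prefix for prefix, _ in routes]

def validate(routes, allocations):
    """Accept a prefix only if an allocation to its origin covers it."""
    accepted, rejected = [], []
    for prefix, origin in routes:
        held = [ipaddress.ip_network(a) for a in allocations.get(origin, [])]
        covered = any(prefix.subnet_of(h) for h in held)
        (accepted if covered else rejected).append(prefix)
    return accepted, rejected

if __name__ == "__main__":
    routes = parse_routes(IRR_OBJECTS)
    print("IRR-only filter:", [str(p) for p in build_filter(routes)])
    accepted, rejected = validate(routes, ALLOCATIONS)
    print("accepted:", [str(p) for p in accepted])
    print("rejected:", [str(p) for p in rejected])
```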