Den 2015-11-05 kl. 20:40, skrev ripede...@yahoo.co.uk:
HI all
I am going to have one last go at solving this problem. I challenge
anyone/everyone to tell me why this is such a stupid idea, technically
impossible to do, won't solve any of the issues partially or fully.
Then I can shut up about it and go away. If you can't condemn the idea
then support it. Lets fix this issue once and for all, stop this
endless discussion about rogue ROUTE objects and get on with life.
So here is my 4 step proposal that I believe could be implemented
within a month. If we implemented this you can be sure that all ROUTE
objects in the RIPE Database were created with the knowledge and
approval of the related resource holders. I believe that is the
desired goal.
Hi Denis,
I don't see any immediate pitfalls in your 4-step. The only small, very
small, thing is step 3 and it can be abused. But only for <24h.
So I think your proposal makes sense. +1 for it.
rgrds,
/bengan
STEP 1
Any ROUTE object submitted for creation in the RIPE Database involving
an out of region resource (address space and/or ASN) where that out of
region resource does not exist in the authoritative RIR database (has
not been allocated or assigned), reject the creation.
The RIPE NCC mirrors the operational data from all the other 4 RIRs.
These mirrors are updated daily as well as the RIRs daily stats. It is
easy to determine if a resource is registered in the authoritative
database.
STEP 2
For those ROUTE objects from STEP 1 where the out of region resource
does exist, hold the object creation as pending. The mechanism for
doing this already exists in the RIPE Database software as it is used
for multiple authentications.
Lookup the out of region resource(s) in the authoritative database(s)
and find the contacts for that resource. Send a notification to those
contacts informing them of the pending ROUTE object creation in the
RIPE Database. The notification mechanism already exists in the RIPE
Database software. If they don't approve, do nothing and the creation
request will time out after a week and the object will not be created.
If they do approve, respond in some way (many technical options for
doing this that the RIPE NCC can choose from). If appropriate
approval(s) are received within a week, create the ROUTE object.
STEP 3
On a daily basis, for each ROUTE object in the RIPE Database that
relates to an out of region resource, check for the continued
existence of that resource in the appropriate RIR database. If it no
longer exists, delete the ROUTE object from the RIPE Database.
STEP 4
This is a one off cleanup of existing ROUTE objects. For all ROUTE
objects currently in the RIPE Database that relate to an out of
region, existing resource, send the appropriate notifications. For any
that no response is received within a week, delete the ROUTE object
from the RIPE Database.
cheers
denis
--
Bengt Gördén
Resilans AB
