Hi Speaking as be.ccafrique and uk.pccwg-uk I support Job's proposal. Pf
On Mon, 14 Nov 2022 17:41:16 +0000 Job Snijders via db-wg <db-wg@ripe.net> wrote: > CAUTION: External email. Do not click links or open attachments unless you > recognize the sender and know the content is safe. > > Dear DB-WG, > > Speaking in individual capacity. > > In RFC 2622 section 5 specifies the naming convention for AS-SET > objects. https://www.rfc-editor.org/rfc/rfc2622#section-5.1 > There basically are two styles: > > * "short" (example: AS-SNIJDERS) > * "hierarchical" (example: AS15562:AS-SNIJDERS) > > Problem statement > ================= > In recent weeks a number of hypergiant cloud providers have faced the > thorny effects of adversarial AS-SET object naming collisions between > IRR databases. > > An example of this phenomenon is the existence of AS-AMAZON in both RADB > and RIPE. According to https://www.peeringdb.com/net/1418 the RADB copy > of the object is the the correct one and populated with a number of > members entries. The RIPE one is empty, and not under control of Amazon. > > The existence of the AS-AMAZON object in the RIPE database might cause > some operators to inadvertently apply empty prefix-filters to EBGP > sessions which in turn causes various problems. > > It seems Amazon has no recourse to get the AS-AMAZON object removed from > the RIPE database; because the existence of that object in the RIPE > database does not violate any policies (as far as I know). But perhaps, > going forward, this community can do a little bit more to help prevent > similar situations from happening to others. > > Solution proposal > ================= > I think the solution is to - GOING FORWARD - disallow creation of new > AS-SET objects which follow the 'short' naming style. > > The advantage of hierarchical naming is that the existing authorization > rules as applied by the RIPE Whois Server database engine do a decent > job of protecting/separating namespaces. 'Grandfathering' existing > short-named objects ensures that implementation of this solution > proposal causes minimal (if any) disruption to existing workflows. > > The RIPE database engine blocking creation of short-named AS-SETs might > help nudge the industry towards making hierarchical naming the norm. > > Related work > ============ > Related work throughout the registry industry: IRRd version 4 forces new > AS-SET objects to be structured hierarchically: > https://github.com/irrdnet/irrd/issues/408 > > Kind regards, > > Job > > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/db-wg > -- Pierfrancesco Caci <pc...@pccwglobal.com> VP Network & Security Architecture - AS3491 Peering Coordinator Tel.: +39 0287 049 871 www.pccwglobal.com This message (and any attachments) may contain information that is confidential, proprietary, privileged or otherwise protected by law. The message is intended solely for the named addressee (or a person responsible for delivering it to the addressee). If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please destroy the message or delete it from your system immediately and notify the sender. PCCW Global cannot guarantee that this e-mail is secure, error-free and/or virus-free as e-mail messages could be intercepted, altered, corrupted, lost, delayed or become incomplete and/or infected by viruses in the course of their transmission. PCCW Global and the sender therefore do not accept liability for any loss or damage arising from any errors or omissions in the contents of this e-mail. -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
