Currently RPKI can only validate origin, not paths. If/when a path validation solution is available, then one easy way to know that network A really means to peer with network B is to publish a path validation that B can use and/or forward A's announcements.
Rubens On Wed, Aug 18, 2021 at 7:53 PM Sabri Berisha <sa...@cluecentral.net> wrote: > > ----- On Aug 18, 2021, at 3:02 PM, Patrick W. Gilmore patr...@ianai.net wrote: > > Hi, > > > Those networks would be ones that do not peer. Which seems pretty obvious > > to me > > - it is literally in the name. > > I have an AS, I advertise IP space to the world. I want to be a Good Netizen > and > register my BGP peers. Your definition of BGP peering is different from mine, > at > least in this context. > > > I guess you are right, the _Peering_DB does not register “certain” networks. > > Which was my point. I'm glad you agree. My little AS is not allowed to play > with > the big kids. > > If you only want to register settlement-free peering, that's totally fine > with me. > Your database, your rules. > > But, the fact stays that you can have an AS, advertise your prefixes to the > world, > and not be permitted to register with peeringdb. Which means it can't be used > as > a single source of truth. Which would have been a shame because with a little > bit > of automation it would be feasible to "score" advertisements. That would help > determine the likelihood of an advertisement to be erroneous (whether by > accident > or malice). > > For example, if I were to register my peers (53356 and 136620) and AS5524 > would > all of a sudden start to advertise my AS as behind it, you'd be able to flag > that. > > But again, your database, your rules. > > Thanks, > > Sabri