New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow one data source to 'drown out' other data sources #3
Comments
You are bringing up more than one item.
In the first case, I would highly recommend synthesizing a route object from an RPKI ROA, just so that a whois (or hopefully RDAP) query returns useful information. In the second and third case, sadly I believe that you will have to leave that choice down to the consumer of the data. While we can all agree that some of the IRR sources are less useful than others (or some similar polite way of saying that), there's still a bias on the part of the consumer that needs to be kept. NTTCOM may choose to prioritize it's data over (lets say) REACH or equivalent. REACH may well decide the complete opposite. Etc etc. That said, I would see the default for RPKI to override IRR data any day! In the forth case (overriding or masking of data), you are again proposing a different model than classic IRRs. Just like prioritization, as described above, there maybe a end consumer of data choice required, which means that the existing query methods - yes, I'm talking about the atrocious Martin PS: I think you meant |
@mahtin the operator of the IRRd instance will be able to decide what data they expose to their consumers (percolated through whatever local policy). NTT may make other choices than RADB. The lack of ability to define policy at the IRRd level is a shortcoming of IRRdv3 that will not be repeated. |
@mahtin Conceptually there will be multiple attachment points to apply policy: (1) when feeding data into the IRRd instance, (2) when exposing data to consumers (either via WHOIS or via API), (3) locally inside the client. The |
Additional notes: All of this only applies to RPKI data sources is expected to refresh every 30 - 60 minutes. After the RPKI source refreshes, the authoritative database must be scanned and all conflicting objects must be deleted (also send deletes via NRTM, and send notification mails "this was deleted because of conflict with datasource X"). Objects received via NRTM from other mirrors must be marked as |
another aspect that is worth considering is slipstreaming RPKI as data source into the |
This issue needs to be rewritten for clarity |
Closed in favor of the description at #197 |
Allow one data source to 'drown out' other data source. For instance RPKI data supersedes IRR data, by using RPKI data we can combat stale IRR proxy route registrations.
Consider the following:
It would be nice if
!gAS1
would not return192.0.2.0/24
because of the existence of the RPKI entry covering192.0.2.0/24
. In operational terms the owner of prefix192.0.2.0/24
should create a second RPKI ROA if they'd want to allow AS1 to originate the prefix.Similarly not all IRR sources are equal, the APNIC database contains better data than ALTDB or NTTCOM.
The text was updated successfully, but these errors were encountered: