Last week, our CEO Aaron Hughes had the pleasure of speaking at NANOG69 in Washington D.C. In his presentation, Aaron bravely took on the slippery topic of validation systems, a framework that has always lacked an industry-wide and global standard.
The question Aaron framed is simple: Can we make the internet cleaner and safer by implementing universal validation systems? But the solution, Aaron recognizes, will be deceptively complex, not necessarily because of its technical challenges, but because of the organizational difficulty of getting the network operating community on the same page.
This, of course, is a problem that goes beyond the wonderful world of network prefixes and lands squarely in “meatspace.” Namely, how do you get opinionated experts to act less like isolated islands and more like a unified body?
Aaron’s solution is still conceptual in nature, intended to get the conversation started. In essence, he’s calling for an entirely new level of validation. As our validation systems exist today, most of the power is in the hands of the local operator. There are best practices that most operators follow, but network validation behavior is all too often unpredictable and messy. Local operators will always need a degree of autonomy, but what Aaron imagines is another prefix, sourced from an annual link (think ARIN’s emails for POC validation but for prefix validation instead), which simply says, “I am a known contact for ‘my’ prefix(es).” Besides the obvious security benefits, this new system could aid in the task of keeping some basic contact information correct and up-to-date, which is an elusive luxury in the network operating community.
Easier said than done, no doubt. Some potential roadblocks might pop into your head right away. Where would this system live? Who would govern it? How would the system validate itself (so to speak)? These are all reasonable questions, but it’s also readily apparent that a change is needed. It’s highly unlikely that we’ll ever have a perfect validation system to keep all the miscreants at bay, but there’s always room for improvement.
Network operators and football players aren’t exactly two peas in a pod, but the same adage rings true for both: The best offense is a good defense. If operators can come together and form a unified validation system, they won’t have to spend so much time warding off bad actors. And who can’t get on board with that?