Regarding smaller prefix for hijack protection
- Subject: Regarding smaller prefix for hijack protection
- From: richard.barnes at gmail.com (Richard Barnes)
- Date: Tue, 4 Sep 2012 19:07:42 +0700
- In-reply-to: <CAK5YLgdkmG90FUq14-M4Ms=S1XipD3deyuiJTGWsGZV=sMWm=g@mail.gmail.com>
- References: <CAJ0+aXah=Ad4Jd8-fCGdottWiBKuO0cprYA-JKrTNeKbNpG79Q@mail.gmail.com> <CAP-guGUtwARTVrZrkcx53z_3L0dokB-mDgBFp88u8Y-ztGs0rw@mail.gmail.com> <CAK__KzuyVETkpu_ty6qKngyENpz01mjoi6-sXyzWLqp-dV5X_w@mail.gmail.com> <CAJ0+aXYE+Fo7ybk7=BsDjZkW2VG8knwK9ozySQwicHsxmijb2A@mail.gmail.com> <CAK5YLgdkmG90FUq14-M4Ms=S1XipD3deyuiJTGWsGZV=sMWm=g@mail.gmail.com>
This seems like an opportune time to remind people about RPKI-based
origin validation as a hijack mitigation:
<http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08>
<http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf>
I haven't run the numbers, but it seems like doing RPKI-based origin
validation is probably a lot cheaper than upgrading routers to store a
fully deaggregated route table :)
On Tue, Sep 4, 2012 at 12:29 PM, Aftab Siddiqui
<aftab.siddiqui at gmail.com> wrote:
> The thing to acknowledge is that you've realized it, otherwise if you follow
> the CIDR report then you will find a bunch of arrogant folks/SPs not willing
> to understand the dilemma they are causing through de-aggregation.
>
> Regards,
>
> Aftab A. Siddiqui
>
>
> On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia <me at anuragbhatia.com> wrote:
>
>> I didn't realize the routing table size problem with /24's. Stupid me.
>>
>>
>>
>> Thanks everyone for updates. Appreciate good answers.
>>
>>
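
The origin validation procedure from the draft linked in the message above, sketched as an added example (not part of the original thread and not any router's implementation): a route is classified valid, invalid or not-found from the ROA-derived (prefix, maxLength, origin AS) entries that cover it. The prefixes and AS numbers are constructed samples, and the function and variable names are hypothetical.

```python
import ipaddress

# Constructed sample data: RFC 1918 space and documentation AS numbers
# (RFC 5398). Each entry is (prefix, max_length, origin_asn), i.e. what a
# router would derive from validated ROAs.
VRPS = [
    ("10.0.0.0/22", 22, 64500),   # holder authorises the /22 only
    ("10.4.0.0/22", 24, 64501),   # holder authorises /22 down to /24
]


def validate_origin(route_prefix, origin_asn, vrps):
    """Classify one BGP announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_length, vrp_asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # An entry covers the route when the route lies inside its prefix.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # Match: same origin AS (AS 0 never matches) and the announced
        # prefix is no longer than the authorised maxLength.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered but never matched: wrong origin or too specific.
    return "invalid" if covered else "not-found"


# Constructed announcements: (prefix, origin AS) as seen in BGP updates.
ANNOUNCEMENTS = [
    ("10.0.0.0/22", 64500),   # holder's aggregate
    ("10.0.1.0/24", 64511),   # more-specific from an unauthorised origin
    ("10.0.1.0/24", 64500),   # holder's own /24, beyond maxLength 22
    ("10.4.2.0/24", 64501),   # /24 permitted by maxLength 24
    ("10.8.0.0/16", 64511),   # no covering entry at all
]


def classify_all(announcements, vrps):
    return [(p, asn, validate_origin(p, asn, vrps)) for p, asn in announcements]


if __name__ == "__main__":
    for prefix, asn, state in classify_all(ANNOUNCEMENTS, VRPS):
        print(f"{prefix:<14} AS{asn:<6} {state}")
```

A router that drops invalid routes rejects the unauthorised /24 without the holder having to announce /24s of its own, which is the table-size saving the message refers to.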