[102763] in North American Network Operators' Group


Re: YouTube IP Hijacking

daemon@ATHENA.MIT.EDU (Arnd Vehling)
Tue Feb 26 08:26:45 2008

Date: Tue, 26 Feb 2008 14:27:15 +0100
From: Arnd Vehling <av@nethead.de>
To: Randy Epstein <repstein@chello.at>
CC: nanog@merit.edu
In-Reply-To: <00f301c87871$24d81e40$2801a8c0@D88CFA77634F40F>
Errors-To: owner-nanog@merit.edu


Randy Epstein wrote:
> My point was that even with a license, accidents still occur.

My point is that without a license more accidents will occur.

> Vendors currently do train their customers and certify them.  

A lot of companies don't send their personnel to training lessons because
of the costs. The vendor primarily trains how to _implement_ a BGP
policy on their equipment and not necessarily how to develop a good
peering and filter policy.

The "youtube ip hijacking" case _may_ be a result of route
redistribution from an internal routing protocol to BGP without any
route filters applied. Every decent BGP engineer knows that this is a
very bad idea.

> LIRs don't and
> cannot know all the gear out there and configurations from network to
> network vary.  

They don't need to. They could/should ensure that people running ASNs
have a good knowledge about how BGP works. Not how to _implement_ a BGP
policy on a vendor device. This truly is up to the vendors and ISPs.

> This doesn't stop route leaks, nor would this protect us from
> intentional mischief.  

True, but it will help reduce incidents which will have a huge impact
on the lives and economy of a lot of people. The "youtube IP hijacking"
was only a minor nuisance in relation to what can happen if other
prefixes are "hijacked" or just leak due to clueless personnel.

-- Arnd
