[148803] in North American Network Operators' Group


Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

daemon@ATHENA.MIT.EDU (Yang Xiang)
Mon Jan 23 10:52:33 2012

In-Reply-To: <CAL9jLaboHvdNEQ9E_-d3JxgfG4BVyRGhx4W4H5oevDzH+fX7pQ@mail.gmail.com>
From: Yang Xiang <xiangy08@csnet1.cs.tsinghua.edu.cn>
Date: Mon, 23 Jan 2012 23:51:00 +0800
To: Christopher Morrow <morrowc.lists@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

2012/1/23 Christopher Morrow <morrowc.lists@gmail.com>

>
> ok, that seems squirrelly still :(
>
> so, take routeviews for example, they peer almost exclusively
> ebgp-multi-hop, so any 'best path' you see there isn't actually usable
> by the route-server... all traffic has to take the local transport out
> of the routeviews system, off to the internet and beyond. So, your
> blackhole testing isn't actually testing what you want, I think :(
>

It is not a serious problem, I think.

1) We do not use routeviews-like routeservers for hijacking
   identification; we only use routers.
2) There is a high possibility that the 'best path' is the path in the
   FIB table.
3) If the 'best path' is not the path in the FIB, there is still a high
   possibility that the 'best path' is the path in the FIB of other
   routes in the same AS.
4) Our criterion is a threshold of a fingerprint, not an extremum.
   The fingerprint evaluated the possibility.

hope I'm not wrong. :)


> -chris
>
>


-- 
_________________________________________
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
