[156007] in North American Network Operators' Group
Re: Regarding smaller prefix for hijack protection
daemon@ATHENA.MIT.EDU (Richard Barnes)
Tue Sep 4 08:08:18 2012
In-Reply-To: <CAK5YLgdkmG90FUq14-M4Ms=S1XipD3deyuiJTGWsGZV=sMWm=g@mail.gmail.com>
Date: Tue, 4 Sep 2012 19:07:42 +0700
From: Richard Barnes <richard.barnes@gmail.com>
To: Aftab Siddiqui <aftab.siddiqui@gmail.com>
Cc: NANOG Mailing List <nanog@nanog.org>

This seems like an opportune time to remind people about RPKI-based
origin validation as a hijack mitigation:

<http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08>
<http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf>

I haven't run the numbers, but it seems like doing RPKI-based origin
validation is probably a lot cheaper than upgrading routers to store a
fully deaggregated route table :)

On Tue, Sep 4, 2012 at 12:29 PM, Aftab Siddiqui
<aftab.siddiqui@gmail.com> wrote:
> The thing to acknowledge is that you've realized it; otherwise, if you follow
> the CIDR report, then you will find a bunch of arrogant folks/SPs not willing
> to understand the dilemma they are causing through de-aggregation.
>
> Regards,
>
> Aftab A. Siddiqui
>
>
> On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia <me@anuragbhatia.com> wrote:
>
>> I didn't realize the routing table size problem with /24's. Stupid me.
>>
>>
>>
>> Thanks everyone for updates. Appreciate good answers.
>>
>>
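
Added example, not part of the original message or of any router implementation: a Python sketch of the prefix origin validation procedure from the linked draft (published as RFC 6811), showing why a validating router rejects a more-specific announcement without the owner deaggregating. The prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample VRPs (validated ROA payloads): (prefix, maxLength, origin AS).
# Private/documentation address space and private-use ASNs, not real routing data.
SAMPLE_VRPS = [
    ("10.20.0.0/16", 16, 64500),
    ("2001:db8::/32", 48, 64501),
]

def load_vrps(rows):
    """Parse (prefix, maxLength, asn) rows into network objects."""
    return [(ipaddress.ip_network(p), max_len, asn) for p, max_len, asn in rows]

def validate_origin(prefix, origin_as, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one BGP route."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_net, max_len, vrp_as in vrps:
        # A VRP covers the route if the route lies inside the VRP prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match: route is no longer than maxLength and the origin AS agrees.
        # AS 0 in a VRP never matches any route.
        if route.prefixlen <= max_len and vrp_as == origin_as and vrp_as != 0:
            return "valid"
    # Covered but unmatched is invalid; no covering VRP at all is not-found.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    vrps = load_vrps(SAMPLE_VRPS)
    routes = [
        ("10.20.0.0/16", 64500),     # the legitimate aggregate
        ("10.20.5.0/24", 64666),     # more-specific from another AS
        ("10.20.5.0/24", 64500),     # right AS, but longer than maxLength
        ("2001:db8:1::/48", 64501),  # more-specific allowed by maxLength
        ("192.0.2.0/24", 64500),     # no covering VRP
    ]
    for prefix, asn in routes:
        print(f"{prefix:20} AS{asn:<6} {validate_origin(prefix, asn, vrps)}")
```

Because the /24 from the unauthorized AS comes out invalid while the /16 stays valid, a router that drops invalid routes never selects the more-specific announcement, and the address holder announces only the aggregate.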