[171447] in North American Network Operators' Group
Re: We hit half-million: The Cidr Report
daemon@ATHENA.MIT.EDU (=?ISO-8859-1?Q?J=E9r=F4me_Nicolle?)
Wed Apr 30 09:15:58 2014
X-Original-To: nanog@nanog.org
Date: Wed, 30 Apr 2014 15:15:50 +0200
From: =?ISO-8859-1?Q?J=E9r=F4me_Nicolle?= <jerome@ceriz.fr>
To: nanog@nanog.org
In-Reply-To: <3883.1398739149@turing-police.cc.vt.edu>
Errors-To: nanog-bounces@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le 29/04/2014 04:39, Valdis.Kletnieks@vt.edu a écrit :
> Do we have a handle on what percent of the de-aggrs are legitimate
> attempts at TE, and what percent are just whoopsies that should be
> re-aggregated?
Deaggs can "legitimatelly" occur for a different purpose : hijack
prevention (Pilosov & Kapela style).
It's fairly easy to punch a hole in a larger prefix, but winning the
reachability race while unable to propagate a more specific prefix
significantly increase hijacking costs.
For a less densely connected network (no presence on public IXPs, poor
transits...), renumbering critical services (DNS, MX, extranets) to
one of their /24s and de-aggregating it could be a smart move.
- --
Jérôme Nicolle
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlNg94YACgkQbt+nwQamihvv6wCdFS6gqfUJwD0m/OelYdWjCZui
S9cAnAkxlWyM4/JJmTPKxPWKYRXbz/c0
=vuYo
-----END PGP SIGNATURE-----
