[174197] in North American Network Operators' Group


Re: Prefix hijacking, how to prevent and fix currently

daemon@ATHENA.MIT.EDU (Saku Ytti)
Fri Aug 29 04:55:23 2014

X-Original-To: nanog@nanog.org
Date: Fri, 29 Aug 2014 11:55:11 +0300
From: Saku Ytti <saku@ytti.fi>
To: nanog@nanog.org
In-Reply-To: <23114FE7-CD9E-4881-8EE1-CE1C313A179C@cisco.com>
Errors-To: nanog-bounces@nanog.org

On (2014-08-29 03:24 +0000), Fred Baker (fred) wrote:

> Do you implement RPKI? Are providers that neighbor with them implementing RPKI?

I feel RPKI would be much more marketable if vendors would implement 'loose'
mode.
Loose mode would drop failing routes, iff there is covering (i.e. less
specific is ok) route already in RIB.
This mode would protect from routed hijacks, but not from non-routed hijacks,
which are less serious. And it would completely remove false-positive
blackholing.

There is very small incentive for an SP to deploy RPKI, since user-error at the
far-end would make my product look worse than competitors' product. I'm
spending money to lose money.

-- 
  ++ytti
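
Added example, not part of the original message and not any vendor's implementation: a sketch of the 'loose' mode decision proposed above, layered on RFC 6811-style origin validation. The ROAs, RIB entries, AS numbers and function names are constructed, and reading "covering" as an equal-or-less-specific RIB route that is not itself invalid is an assumption.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed sample ROAs: (prefix, max_length, authorized origin AS).
ROAS = [
    (net("192.0.2.0/24"), 24, 64500),
    (net("198.51.100.0/24"), 24, 64501),
]
# Constructed sample RIB: (prefix, origin AS) of routes already installed.
SAMPLE_RIB = [(net("192.0.2.0/24"), 64500)]

def covers(outer, inner):
    """True if `outer` is equal to or less specific than `inner`."""
    return outer.version == inner.version and inner.subnet_of(outer)

def rov_state(prefix, origin_as, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    matched = False
    for roa_prefix, max_len, roa_as in roas:
        if covers(roa_prefix, prefix):
            matched = True
            if prefix.prefixlen <= max_len and origin_as == roa_as:
                return "valid"
    return "invalid" if matched else "not-found"

def has_cover(prefix, rib, roas=ROAS):
    """Assumed reading of 'covering': a RIB route that is not itself invalid."""
    return any(covers(p, prefix) and rov_state(p, asn, roas) != "invalid"
               for p, asn in rib)

def loose_accept(prefix, origin_as, rib, roas=ROAS):
    """Loose mode: drop an invalid route only if a covering route exists."""
    if rov_state(prefix, origin_as, roas) != "invalid":
        return True
    return not has_cover(prefix, rib, roas)

def strict_accept(prefix, origin_as, roas=ROAS):
    """Conventional drop-invalid policy, for comparison."""
    return rov_state(prefix, origin_as, roas) != "invalid"

if __name__ == "__main__":
    cases = [
        ("more-specific hijack of a routed prefix", net("192.0.2.0/25"), 64666),
        ("same-prefix hijack of a routed prefix", net("192.0.2.0/24"), 64666),
        ("far-end ROA error, or non-routed hijack", net("198.51.100.0/24"), 64502),
    ]
    for label, prefix, asn in cases:
        print(label, "| strict:", strict_accept(prefix, asn),
              "| loose:", loose_accept(prefix, asn, SAMPLE_RIB))
```

The third case shows the trade-off in the message: with no covering route in the RIB, a far-end ROA mistake and a non-routed hijack look identical, so loose mode accepts both where strict mode would blackhole the first.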
