Regarding smaller prefix for hijack protection

Andy Davidson andy at nosignal.org
Thu Aug 30 16:59:56 UTC 2012


On 30/08/12 12:54, Anurag Bhatia wrote:
> Is using /24 a must to protect (a bit) against route hijacking? 

Announcing your, say, /19 as 32 /24s does not prevent someone from trying
to hijack you, you will still get some disruption if someone tries, but
you might limit the scope of their success or the scope of your
perceived outage (which is why temporary shorter prefixes are announced
in order to limit the effects of hijacks, including in the example you
cited.)

Far more useful to monitor and take evasive action in the event of a hijack.

> So can we conclude that one should always use /24 to make sure that they
> lose as little traffic as possible during prefix hijacking?

There is not room for 4bn entries in the routing table.  You deserve to
be filtered off the net if you try this stunt!

Andy
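
Added example, not part of the message above or the list archive: a Python sketch of the monitoring check the reply recommends, plus a longest-prefix-match count showing how announcing a /19 as /24s changes the scope of a hijack. The block 10.32.0.0/19, the AS numbers, and the function names `classify` and `impact` are constructed for illustration.

```python
import ipaddress

# Constructed sample values: private address space and documentation ASNs.
OUR_BLOCK = ipaddress.ip_network("10.32.0.0/19")
OUR_AS = 64500

def classify(prefix, origin_as, block=OUR_BLOCK, our_as=OUR_AS):
    """Label one observed announcement against the monitored block."""
    net = ipaddress.ip_network(prefix)
    if net.version != block.version or origin_as == our_as:
        return None                       # unrelated family, or our own route
    if net == block:
        return "origin-mismatch"          # same prefix, foreign origin AS
    if net.subnet_of(block):
        return "more-specific-hijack"     # foreign route inside our block
    return None

def impact(our_routes, foreign_routes, block=OUR_BLOCK):
    """Count /24s of the block by who wins longest-prefix match.

    'contested' means equal prefix length, so BGP path selection
    (not prefix length) decides, and the outcome varies by vantage point.
    """
    ours = [ipaddress.ip_network(r) for r in our_routes]
    foreign = [ipaddress.ip_network(r) for r in foreign_routes]
    counts = {"ours": 0, "contested": 0, "lost": 0}
    for s24 in block.subnets(new_prefix=24):
        best_ours = max((r.prefixlen for r in ours if s24.subnet_of(r)), default=-1)
        best_foreign = max((r.prefixlen for r in foreign if s24.subnet_of(r)), default=-1)
        if best_foreign > best_ours:
            counts["lost"] += 1
        elif best_foreign == best_ours and best_foreign >= 0:
            counts["contested"] += 1
        else:
            counts["ours"] += 1
    return counts

AGGREGATE = [str(OUR_BLOCK)]                                       # one /19
DEAGGREGATED = [str(n) for n in OUR_BLOCK.subnets(new_prefix=24)]  # 32 /24s

if __name__ == "__main__":
    # Constructed observations: (prefix, origin AS) as a route collector might report them.
    for seen in [("10.32.0.0/19", 64511), ("10.32.4.0/24", 64511), ("10.32.4.0/24", 64500)]:
        print(seen, classify(*seen))
    print("aggregate vs foreign /20:   ", impact(AGGREGATE, ["10.32.0.0/20"]))
    print("deaggregated vs foreign /20:", impact(DEAGGREGATED, ["10.32.0.0/20"]))
    print("deaggregated vs foreign /24:", impact(DEAGGREGATED, ["10.32.4.0/24"]))
```

Even fully deaggregated, a foreign /24 still leaves that /24 contested, which is why detection remains necessary either way.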



