Dodgy AS327933 ...?

ayang at august.tw
Fri Aug 11 20:30:16 UTC 2023


BGP was indeed designed in an era when trust was implicit. Introducing 
ASPA to sign a cryptographic list of authorized providers is a step in 
the right direction. By validating both AS_PATH and route origin, the 
chances of BGP hijacks and misconfigurations can be substantially 
reduced.

https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/

On 2023-08-11 13:51, Mark Tinka wrote:
> On 8/11/23 12:56, Nick Hilliard wrote:
> 
>> 
>> BGP is a policy based distance vector protocol. If you can't adjust 
>> the primary inter-domain metric to handle your policy requirements, 
>> it's not much use.
> 
> I am not talking about appending one's own AS in the AS_PATH. I am 
> talking about appending someone else's AS in the AS_PATH.
> 
> To be fair, I have never had to do that, since I've always thought it 
> would be considered bad form. But I suspect that on the simple BGP 
> mechanics of it, no vendor would be able to prevent that in any 
> meaningful way.
> 
> Then again, path hijacking likely wasn't a thought at the time the 
> Border Gateway Protocol was being conceived.
> 
> Mark.

--
August
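
Added example (not part of the original message, and not code from the draft): a simplified sketch of the upstream-path hop check described in the linked ASPA draft, showing that an AS inserted into an AS_PATH without the customer's authorization is flagged while ordinary self-prepending is not. The ASPA table, the AS numbers (documentation range) and the function names are constructed for illustration; AS_SET handling and the downstream procedure are omitted.

```python
from enum import Enum


class Hop(Enum):
    PROVIDER = "Provider+"
    NOT_PROVIDER = "Not Provider+"
    NO_ATTESTATION = "No Attestation"


# Constructed ASPA data: customer AS -> set of providers it has authorized.
ASPA = {
    64500: {64501},
    64501: {64502},
}


def hop(customer, candidate, aspa=ASPA):
    """Classify one customer -> candidate-provider hop against the ASPA data."""
    if customer not in aspa:
        return Hop.NO_ATTESTATION
    return Hop.PROVIDER if candidate in aspa[customer] else Hop.NOT_PROVIDER


def verify_upstream(as_path, neighbor, aspa=ASPA):
    """Check a path learned from a customer or lateral peer.

    as_path is in wire order: neighbor AS first, origin AS last.
    Returns "Valid", "Invalid" or "Unknown".
    """
    if not as_path or as_path[0] != neighbor:
        return "Invalid"
    # Walk from the origin outward and collapse prepends (repeated ASNs).
    hops = []
    for asn in reversed(as_path):
        if not hops or hops[-1] != asn:
            hops.append(asn)
    results = [hop(hops[i], hops[i + 1], aspa) for i in range(len(hops) - 1)]
    if Hop.NOT_PROVIDER in results:
        return "Invalid"   # some AS sits above a customer that never authorized it
    if Hop.NO_ATTESTATION in results:
        return "Unknown"   # not enough signed data to decide
    return "Valid"


if __name__ == "__main__":
    print(verify_upstream([64502, 64501, 64500, 64500, 64500], 64502))  # own-AS prepend
    print(verify_upstream([64502, 64510, 64500], 64502))  # 64510 not authorized by 64500
    print(verify_upstream([64502, 64503, 64504], 64502))  # no ASPA published
```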