So -- what did happen to Panix?
Patrick W. Gilmore
patrick at ianai.net
Fri Jan 27 16:58:47 UTC 2006
On Jan 27, 2006, at 11:39 AM, Joe Abley wrote:
> On 27-Jan-2006, at 11:12, bmanning at vacation.karoshi.com wrote:
>
>> but by definition, the right-most entry is the prefix origin...
>
> Suppose AS 9327 decides to originate 198.32.6.0/24, but prepends
> 4555 to the AS_PATH as it does so. Suppose 9327's uses a transit
> provider which builds prefix filters from the IRR, and the "as9327"
> aut-num object is modified to include policy which suggests 9327
> provides transit for 4555. Suppose this is not actually the case,
> though, and in fact 9327 is a rogue AS which is trying to capture
> 4555's traffic.
>
> The rest of the world sees a prefix with an AS_PATH attribute which
> ends with "9327 4555".
>
> In this case, from the point of view of those trying to discern
> legitimacy of advertisements, what is the origin of the prefix? Is
> it 4555, or 9327?
>
> Is it possible to tell, from just the right-most entry in the
> AS_PATH attribute?
Suggested solutions do not have to solve every possible problem.
Knowing the "correct" origin will stop accidental announcements, like
the one under discussion in this thread.
And, I suspect, most problems we see today of this sort. We are not
(yet) to the point where maliciously originated prefixes are as big a
problem as accidentally originated prefixes.
--
TTFN,
patrick
More information about the NANOG
mailing list