YouTube IP Hijacking

michael.dillon at bt.com michael.dillon at bt.com
Mon Feb 25 10:12:47 UTC 2008



> This candidate list of requirements is for route sources that 
> North American Operators should trust to propagate long 
> prefix routes, nothing more, nothing less. 

All operators already have some kind of criteria which they use
to decide whether or not to trust a particular source of routes
whether long prefixes or short. You are suggesting that these operators
should give up this role to a trusted third party so that al
North American network operators share fate in terms of BGP
trust relationships. It seems that you feel this is an improvement
since some network operators have very lax policies and trust people
that they shouldn't. In that case, I wonder whether these operators
would even bother joining such a shared-fate arrangement.

But the big downside is for the operators who have carefully honed
filtering policies and who are careful about who they trust. For them
there is no upside to joining a shared-fate arrangement, and a potential
downside if management decides that their internal BGP filtering
practices can now be made more lax. And, of course, the shared fate
arrangement is now a single point of failure and a very juicy target
for bad guys to attack.

The real solution to the YouTube issue is for people to pressure other
network operators to raise their game and pay attention to how they
manage their BGP trust relationships and filter announcements. In
addition, more people need to get involved in information sharing 
arrangements like Routing Registries, MyASN, alert services and so on.
None of these things create a single point of failure and some of
them would be useful even if your Super AS is created. Because all
of this activity is done by humans, even your Super AS can make
mistakes so it would be bad for people to trust it just because it
is big. Alert services, RRs, MyASN, etc., can protect against
human failures whether in the Super AS or Pakistan Telecom.

> Perhaps you might like to propose criteria you would find 
> useful in setting a level of trust, or some alternative 
> method to avoid a recurrence of a site that is widely visited 
> being black holed through another ISP advertising a more 
> specific route?

Haven't you noticed that the definition of "widely visited site"
changes regularly, and often quite abruptly? How much traffic 
did YouTube get 3 years ago? Facebook? MySpace? There is no
shortcut for eternal vigilance, i.e. manage your BGP relationships
don't just configure and forget.

> Item 2: in this context, is specific to the needs of North 
> American Network Operators accepting long prefix routes. I am 
> not advocating not accepting routes from the ROW, just not 
> very specific ones. It's entirely possible for North American 
> Operators to rely on law enforcement in say, the EU and Australia.

In case you hadn't noticed, there is no North American law enforcement
agency and no North American courts and no North American laws outside
of NAFTA. So I'm not sure what you are getting at here. Do you want
to reopen NAFTA negotiations to include Internet peering?

> I think it would be better to propose some constructive ideas 
> as to how we can avoid what happened today from recurring, 
> and also deal with the issue of hijacked IP space in general.

The tools and techniques are out there. All that is needed is 
for people to follow best practices. Seems to me that educational
activity would be more productive than building castles in the sky.

--Michael Dillon





More information about the NANOG mailing list