BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]
Arnd Vehling
av at nethead.de
Tue Feb 26 10:15:34 UTC 2008
Hi,
> In a lot of this dialogue, many say, "you should prefix filter".
> However, I'm not seeing how an ISP could easily adopt such filtering.
>
> Let's consider the options:
[..]
> a) only RIPE IRR uses a sensible security model [1], so if you use
> others, basically anyone can add route objects to the registry.
> How exactly would this model be useful?
[..]
> So, this is no excuse for not doing prefix filtering if you only do
> business in the RIPE region, but anywhere else the IRR data is pretty
> much useless, incorrect, or both.
This is all true and leads us to the question why ARIN, for example,
DOESN'T USE A SENSIBLE SECURITY MODEL?!!!!
Actually I have been asking myself this for a couple of years. IMHO ARIN _should_
either improve their RR software or, better, use the RIPE DB software so
ISPs can build prefix-filters for the ARIN region.
So: Why don't they do it?!!!
Arnd
More information about the NANOG mailing list