BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]

Arnd Vehling av at nethead.de
Tue Feb 26 10:15:34 UTC 2008


Hi,

> In a lot of this dialogue, many say, "you should prefix filter".
> However, I'm not seeing how an ISP could easily adopt such filtering.
> 
> Let's consider the options:
[..]

>   a) only RIPE IRR uses a sensible security model [1], so if you use
>      others, basically anyone can add route objects to the registry.
>      How exactly would this model be useful?
[..]
> So, this is no excuse for not doing prefix filtering if you only do
> business in the RIPE region, but anywhere else the IRR data is pretty
> much useless, incorrect, or both.

this is all true and leads us to the question why ARIN, for example,
DOESNT USE A SENSIBLE SECURITY MODEL?!!!!

Actually i asking this myself for a couple of years. IMHO ARIN _should_
either improve their RR software or, better, use the RIPE DB software so
 ISPS can build prefix-filters for the ARIN region.

So: Why dont they do it?!!!


   Arnd



More information about the NANOG mailing list