Anyone notice strange announcements for

Sandy Murphy sandy at
Tue Jan 13 20:41:46 UTC 2009

>> It should be pointed out that pre-provisioned AS_Path filters and  
>> prefix-lists would actually be effective at defeating this and  
>> preventing someone who is actually malicious from using this  
>> technique.  This is an excellent argument for implementing SIDR...
>Finally we agree.  Although I am not certain SIDR is the optimal  
>answer, we agree it would solve the problem.

The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.

That's not full AS_PATH protection.  sidr is not doing full AS_PATH protection.


Protecting the origination is not sufficient, everyone recognizes that.
But protecting the origination is necessary for eventual full AS_PATH
protection, so we're not wasting our time, either.

Feel free to chime in on the sidr list about wanting full path protection.
As loud as you like.


More information about the NANOG mailing list