Anyone notice strange announcements for 174.128.31.0/24

• Previous message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Next message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> It should be pointed out that pre-provisioned AS_Path filters and  
>> prefix-lists would actually be effective at defeating this and  
>> preventing someone who is actually malicious from using this  
>> technique.  This is an excellent argument for implementing SIDR...
>
>Finally we agree.  Although I am not certain SIDR is the optimal  
>answer, we agree it would solve the problem.

The sidr wg is working on protection of the origination of the
route - so the origin AS in the AS_PATH is known to be authorized
to originate routes to the prefix.

That's not full AS_PATH protection.  sidr is not doing full AS_PATH protection.

Yet.

Protecting the origination is not sufficient, everyone recognizes that.
But protecting the origination is necessary for eventual full AS_PATH
protection, so we're not wasting our time, either.

Feel free to chime in on the sidr list about wanting full path protection.
As loud as you like.

--Sandy

• Previous message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Next message (by thread): Anyone notice strange announcements for 174.128.31.0/24
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]