Regarding smaller prefix for hijack protection

Jon Lewis jlewis at lewis.org
Thu Aug 30 07:08:39 CDT 2012


On Thu, 30 Aug 2012, Anurag Bhatia wrote:

> I tried looking on net but couldn't found direct answer, so thought to ask
> here for some advise.
>
> Is using /24 a must to protect (a bit) against route hijacking? We all
> remember case of YouTube 2008 and hijacking in Pakistan. At that time
> YouTube was using /22 and thus /24 (more specific) announcement took almost
> all of Google's traffic even when AS path was long. So Google's direct also
> likely sent packets to Pakistan. Later Google too used /24 (and I guess /25
> too to effect some region of internet). Similar case I remember for issue
> reported between Altus and hijacking by someone connected to Cleaveland
> exchange when ISP was using /23 and spammer used /24.
>
>
> So can we conclude that one should always use /24 to make sure that they
> loose as little as possible traffic during prefix hijacking?

As an exercise, grab a copy of the global routing table, convert all 
shorter than /24 networks into /24s and tell us, how big is your 
hijack-resistant global table now?  How many networks will be unable to 
handle it because it overflows their routers route table capacity?

In short, no...you/everyone should not announce all their space as /24s 
just in case someone tries to or accidentally hijacks some of their space. 
Your solution does not scale.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________



More information about the NANOG mailing list