Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

Yang Xiang xiangy08 at csnet1.cs.tsinghua.edu.cn
Mon Jan 23 09:51:00 CST 2012


2012/1/23 Christopher Morrow <morrowc.lists at gmail.com>

>
> ok, that seems squirrelly still :(
>
> so, take routeviews for example, they peer almost exclusively
> ebgp-multi-hop, so any 'best path' you see there isn't actually usable
> by the route-server... all traffic has to take the local transport out
> of the routeviews system, off to the internet and beyond. So, your
> blackhole testing isn't actually testing what you want, I think :(
>

it is not a  serious problem, I think.

1). we do not use routeviews-like routeservers for hijacking
identification, we only use router.
2). there is a high possibility that, the 'best path' is the path in FIB
table.
3). if the 'best path' is not the path in FIB,
    there is still a high possibility that the 'best path' is the path in
the FIB of other routes in the same AS.
4), our criterion is a threshold of a fingerprint, not a extremum.
    the fingerprint evaluated the possibility.

hope I'm not wrong. :)


> -chris
>
>


-- 
_________________________________________
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn


More information about the NANOG mailing list