Regarding smaller prefix for hijack protection
me at anuragbhatia.com
Tue Sep 4 05:19:23 UTC 2012
I didn't realize the routing table size problem with /24's. Stupid me.
Thanks everyone for updates. Appreciate good answers.
On Fri, Aug 31, 2012 at 4:18 AM, George Herbert <george.herbert at gmail.com> wrote:
> On Thu, Aug 30, 2012 at 8:41 AM, William Herrin <bill at herrin.us> wrote:
> > On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia <me at anuragbhatia.com>
> >> Is using /24 a must to protect (a bit) against route hijacking?
> > Hi Anurag,
> > Not only is it _not_ a must, it doesn't work and it impairs your
> > ability to detect the fault.
> > In a route hijacking scenario, traffic for a particular prefix will
> > flow to the site with the shortest AS path from the origin. Your /24
> > competes with their /24. Half the Internet, maybe more maybe less
> > depending on how well connected each of you are, will be inaccessible
> > to you.
> Preventively there seems to be no utility to this.
> Reactively, after a hijacking starts, has anyone tried announcing both
> (say) /24s for the block and (say) 2x /25s for it as well, to get
> more-specific under the hijacker? Yes, a lot of places will filter
> and ignore, but those that don't ...
> (Yes, sign your prefixes now, on general principles)
> -george william herbert
> george.herbert at gmail.com
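An added illustration, not part of any poster's message: a simplified Python model of the route selection discussed in this thread, showing why a competing /24 splits reachability by AS-path length and what changes when the legitimate origin also announces 2x /25s. The prefix, AS numbers, hop counts and filtering flags are constructed sample data, and real BGP best-path selection has more steps (local preference and others) than the two modelled here.

```python
import ipaddress

# Constructed sample data: documentation prefix, documentation/private-use ASNs.
VICTIM, HIJACKER = 64500, 64666

# Each observer AS: AS-path length to each origin, and whether it rejects
# announcements longer than /24 (the filtering the thread mentions).
OBSERVERS = {
    "AS64501": {"hops": {VICTIM: 1, HIJACKER: 3}, "filters_gt24": True},
    "AS64502": {"hops": {VICTIM: 3, HIJACKER: 1}, "filters_gt24": True},
    "AS64503": {"hops": {VICTIM: 4, HIJACKER: 2}, "filters_gt24": False},
}

def selected_origin(observer, announcements, dst):
    """Return the origin AS this observer forwards dst toward, or None."""
    dst = ipaddress.ip_address(dst)
    candidates = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > 24 and observer["filters_gt24"]:
            continue  # announcement rejected by the prefix-length filter
        if dst in net:
            candidates.append((net.prefixlen, -observer["hops"][origin], origin))
    if not candidates:
        return None
    # Longest prefix wins first; AS-path length only breaks ties
    # between announcements of the same prefix length.
    return max(candidates)[2]

def reachability(announcements, dst="203.0.113.10"):
    """Map each observer AS to the origin it selects for dst."""
    return {name: selected_origin(obs, announcements, dst)
            for name, obs in OBSERVERS.items()}

# Scenario 1: both parties announce the same /24.
BOTH_24 = [("203.0.113.0/24", VICTIM), ("203.0.113.0/24", HIJACKER)]
# Scenario 2: the legitimate origin additionally announces 2x /25.
WITH_25S = BOTH_24 + [("203.0.113.0/25", VICTIM), ("203.0.113.128/25", VICTIM)]

if __name__ == "__main__":
    print("competing /24s:  ", reachability(BOTH_24))
    print("victim adds /25s:", reachability(WITH_25S))
```

In the sample data only AS64503, which does not filter longer prefixes, moves back to the legitimate origin; the two filtering networks still decide on AS-path length alone.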