Regarding smaller prefix for hijack protection

Richard Barnes richard.barnes at gmail.com
Tue Sep 4 07:07:42 CDT 2012


This seems like an opportune time to remind people about RPKI-based
origin validation as a hijack mitigation:
<http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08>
<http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf>

I haven't run the numbers, but it seems like doing RPKI-based origin
validation is probably a lot cheaper than upgrading routers to store a
fully deaggregated route table :)


On Tue, Sep 4, 2012 at 12:29 PM, Aftab Siddiqui
<aftab.siddiqui at gmail.com> wrote:
> The thing to acknowledge is that you've realized it otherwise if you follow
> the CIDR report than you will find bunch of arrogant folks/SPs not willing
> to understand the dilemma they are causing through de-aggregation.
>
> Regards,
>
> Aftab A. Siddiqui
>
>
> On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia <me at anuragbhatia.com> wrote:
>
>> I didn't realized the routing table size problem with /24's. Stupid me.
>>
>>
>>
>> Thanks everyone for updates. Appreciate good answers.
>>
>>



More information about the NANOG mailing list