Prefix hijacking, how to prevent and fix currently

Saku Ytti saku at ytti.fi
Fri Aug 29 08:55:11 UTC 2014


On (2014-08-29 03:24 +0000), Fred Baker (fred) wrote:

> Do you implement RPKI? Are providers that neighbor with them implementing RPKI?

I feel RPKI would be much more marketable if vendors would implement 'loose'
mode.
Loose mode would drop failing routes, iff there is covering (i.e. less
specific is ok) route already in RIB.
This mode would protect from routed hijacks, but not from non-routed hijacks,
which are less serious. And it would completely remove false-positive
blackholing.

There is very small incentive for SP to deploy RPKI, since user-error in
far-end, would make my product look worse than competitors product. I'm
spending money to lose money.

-- 
  ++ytti


More information about the NANOG mailing list