BGP Security Research Question

sthaug at nethelp.no
Tue Nov 4 14:03:00 UTC 2014


> Let me disagree - Pakistan Youtube was possible only because their uplink
> provider did NOT implement inbound route filters. As always the weakest
> link is the human factor - and no super-duper newest technology is ever to help
> here.

Agreed, the uplink absolutely should have implemented prefix filtering.

However, if the Youtube prefixes had been protected with RPKI, ISPs far
away could have verified the announcements themselves - and would have
found that the Pakistan Telecom originated prefixes were invalid (and
would presumably have found the original Youtube prefixes to be valid).
At least that's how I understand RPKI.

I want *both* prefix filtering and a system like RPKI.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no
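
The origin check described in the message above, as an added example that is not part of the original post: a minimal route origin validation in Python following the RFC 6811 valid / invalid / not-found rules. The ROA, prefixes and AS numbers are constructed documentation values, with AS64496 standing in for the legitimate holder and AS64511 for an unauthorized origin.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix the holder has authorized
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorized origin AS


# Constructed ROA set (documentation prefix and ASN, not real routing data).
ROAS = [ROA("203.0.113.0/24", 24, 64496)]


def validate_origin(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route equals or is inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA never matches any origin (RFC 6811).
        if (roa.asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    # Covered by no ROA at all: RPKI says nothing about this route.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    announcements = [                  # constructed sample announcements
        ("203.0.113.0/24", 64496),     # holder's own announcement
        ("203.0.113.0/25", 64511),     # more-specific from another AS
        ("203.0.113.0/25", 64496),     # right AS, longer than max_length
        ("198.51.100.0/24", 64511),    # prefix with no covering ROA
    ]
    for pfx, asn in announcements:
        print(f"{pfx:18} AS{asn}: {validate_origin(pfx, asn)}")
```

A remote network running this check can drop the "invalid" routes without relying on the originating AS's upstream having filtered them; "not-found" routes are unaffected, so prefix filtering still matters for prefixes without ROAs.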

