Prefix hijacking, how to prevent and fix currently

Saku Ytti saku at
Tue Sep 2 06:36:40 UTC 2014

On (2014-09-01 21:34 +0000), Sriram, Kotikalapudi wrote:

Hi Sriram,

Please help me understand the argument.

> Some Org. D can maliciously announce a subprefix under Org. C's prefix,
> and get away with it due to the 'Loose' mode.

So C is advertising valid
Is D advertising valid

This is unfixable problem? If D is advertising invalid or unknown, C would
still work and win, as longest prefix match is done first to the 'valid'
population, if search is found, other populations are not searched.

> I think, 'Loose mode', if used at all, should not be used beyond a short grace period.

We need to be pragmatic and ready to compromise. Right now deploying RPKI puts
you in competitive disadvantage, loose mode would remove the business risk and
make it easier to justify deployment.


More information about the NANOG mailing list