BGP route hijack by AS10990
Nick Hilliard
nick at foobar.org
Sat Aug 1 14:44:15 UTC 2020
Mark Tinka wrote on 01/08/2020 12:20:
> The difference between us and aviation is that fundamental flaws or
> mistakes that impact safety are required to be fixed and checked if you
> want to keep operating in the industry. We don't have that, so...
... so once again, route optimisers were at the heart of another serious
route leaking incident.
BGP is designed to prevent loops from happening, and has tools like
no-export to help prevent inadvertent leaks.
When people build "BGP optimisers" which reinject a prefix into a
routing mesh with the entire as-path stripped and then they refuse to
apply the basic minimum of common sense by refusing point blank to tag
prefixes with no-export, it's a matter of certainty that leaks are going
to happen, and that when they do, they'll cause damage.
It's about as responsible as shipping a shotgun with the safety disabled
and then handing it to a newbie. After all, the safety makes it more
difficult to operate and if the newbie shoots themselves, it was their
fault. And if they shot someone else, they shouldn't have got in the
way, right?
Nick
More information about the NANOG
mailing list