"Tactical" /24 announcements

Robert McKay robert at mckay.com
Mon Aug 9 22:17:40 UTC 2021


On 2021-08-09 22:39, Baldur Norddahl wrote:
> On Mon, 9 Aug 2021 at 22:13, Grzegorz Janoszka
> <grzegorz at janoszka.pl> wrote:
> 
>> On 2021-08-09 17:47, Billy Croan wrote:
>>> How does the community feel about using /24 originations in BGP as a
>>> tactical advantage against potential BGP hijackers?
>> 
>> RPKI is more effective than a competing /24. Unless they hijack your
>> ASN as well.
> 
> You will usually get an AS path length advantage even if they do
> hijack your ASN.

Unless your RPKI is set to allow /24 but you normally advertise /21 or 
something shorter.. then RPKI works to the hijacker's advantage.

You could argue this is no different than before RPKI which is true.. 
except that now that RPKI exists people are tempted to use it to 
automate configuration and take humans out of the loop.

I imagine there are quite a few RPKI enabled prefixes (those configured 
to allow too long advertisements) that are easier to hijack now than 
they were before RPKI existed.

-Rob
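
The maxLength case described in the message above, as an added example that is not part of the original post: a small audit that applies RFC 6811 origin validation to a forged-origin /24 and lists the more-specifics a ROA authorizes but the holder does not announce. The prefixes, ASNs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: private address space and private-use ASNs.
# Each ROA is (prefix, maxLength, origin ASN).
LOOSE_ROAS = [("10.20.0.0/21", 24, 64500)]   # allows anything up to /24
TIGHT_ROAS = [("10.20.0.0/21", 21, 64500)]   # allows only the /21 itself
ANNOUNCED = [("10.20.0.0/21", 64500)]        # what the holder really originates


def rov_state(prefix, origin, roas):
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this route
            if net.prefixlen <= max_len and origin == asn:
                return "valid"
    return "invalid" if covered else "not-found"


def exposed_more_specifics(roa, announced):
    """Prefixes at maxLength that the ROA authorizes but nobody at the
    authorized origin announces. A forged-origin route for any of them
    validates and wins on longest-prefix match."""
    roa_prefix, max_len, asn = roa
    roa_net = ipaddress.ip_network(roa_prefix)
    mine = {ipaddress.ip_network(p) for p, o in announced if o == asn}
    return [str(s) for s in roa_net.subnets(new_prefix=max_len)
            if s not in mine]


if __name__ == "__main__":
    # A more-specific carrying the victim's ASN as origin (forged path tail).
    forged = ("10.20.3.0/24", 64500)
    print("loose ROA:", rov_state(*forged, LOOSE_ROAS))   # valid
    print("tight ROA:", rov_state(*forged, TIGHT_ROAS))   # invalid
    for roa in LOOSE_ROAS + TIGHT_ROAS:
        gaps = exposed_more_specifics(roa, ANNOUNCED)
        print(roa, "->", len(gaps), "unannounced authorized prefixes")
```

Run against real data, the ROA list would come from a validator export and the announced list from your own routing policy; any non-empty result is a ROA whose maxLength is wider than what is originated.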

