mailing list archives
Re: So -- what did happen to Panix?
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Fri, 27 Jan 2006 11:58:47 -0500
On Jan 27, 2006, at 11:39 AM, Joe Abley wrote:
On 27-Jan-2006, at 11:12, bmanning () vacation karoshi com wrote:
but by definition, the right-most entry is the prefix origin...
Suppose AS 9327 decides to originate 18.104.22.168/24, but prepends
4555 to the AS_PATH as it does so. Suppose 9327's uses a transit
provider which builds prefix filters from the IRR, and the "as9327"
aut-num object is modified to include policy which suggests 9327
provides transit for 4555. Suppose this is not actually the case,
though, and in fact 9327 is a rogue AS which is trying to capture
The rest of the world sees a prefix with an AS_PATH attribute which
ends with "9327 4555".
In this case, from the point of view of those trying to discern
legitimacy of advertisements, what is the origin of the prefix? Is
it 4555, or 9327?
Is it possible to tell, from just the right-most entry in the
Suggested solutions do not have to solve every possible problem.
Knowing the "correct" origin will stop accidental announcements, like
the one under discussion in this thread.
And, I suspect, most problems we see today of this sort. We are not
(yet) to the point where maliciously originated prefixes are as big a
problem as accidentally originated prefixes.