Home page logo

nanog logo nanog mailing list archives

Re: Regarding smaller prefix for hijack protection
From: Jon Lewis <jlewis () lewis org>
Date: Thu, 30 Aug 2012 08:08:39 -0400 (EDT)

On Thu, 30 Aug 2012, Anurag Bhatia wrote:

I tried looking on net but couldn't found direct answer, so thought to ask
here for some advise.

Is using /24 a must to protect (a bit) against route hijacking? We all
remember case of YouTube 2008 and hijacking in Pakistan. At that time
YouTube was using /22 and thus /24 (more specific) announcement took almost
all of Google's traffic even when AS path was long. So Google's direct also
likely sent packets to Pakistan. Later Google too used /24 (and I guess /25
too to effect some region of internet). Similar case I remember for issue
reported between Altus and hijacking by someone connected to Cleaveland
exchange when ISP was using /23 and spammer used /24.

So can we conclude that one should always use /24 to make sure that they
loose as little as possible traffic during prefix hijacking?

As an exercise, grab a copy of the global routing table, convert all shorter than /24 networks into /24s and tell us, how big is your hijack-resistant global table now? How many networks will be unable to handle it because it overflows their routers route table capacity?

In short, no...you/everyone should not announce all their space as /24s just in case someone tries to or accidentally hijacks some of their space. Your solution does not scale.

 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]