nanog mailing list archives
Re: Regarding smaller prefix for hijack protection
From: Richard Barnes <richard.barnes () gmail com>
Date: Tue, 4 Sep 2012 19:07:42 +0700
This seems like an opportune time to remind people about RPKI-based origin validation as a hijack mitigation: <http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08> <http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf> I haven't run the numbers, but it seems like doing RPKI-based origin validation is probably a lot cheaper than upgrading routers to store a fully deaggregated route table :) On Tue, Sep 4, 2012 at 12:29 PM, Aftab Siddiqui <aftab.siddiqui () gmail com> wrote:
The thing to acknowledge is that you've realized it otherwise if you follow the CIDR report than you will find bunch of arrogant folks/SPs not willing to understand the dilemma they are causing through de-aggregation. Regards, Aftab A. Siddiqui On Tue, Sep 4, 2012 at 10:19 AM, Anurag Bhatia <me () anuragbhatia com> wrote:I didn't realized the routing table size problem with /24's. Stupid me. Thanks everyone for updates. Appreciate good answers.
Current thread:
- Re: Regarding smaller prefix for hijack protection Anurag Bhatia (Sep 03)
- Re: Regarding smaller prefix for hijack protection Aftab Siddiqui (Sep 03)
- Re: Regarding smaller prefix for hijack protection Richard Barnes (Sep 04)
- Re: Regarding smaller prefix for hijack protection Aftab Siddiqui (Sep 03)