nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: BGP prefix filtering, how exactly? [Re: YouTube IP Hijacking]

From: Arnd Vehling <av () nethead de>
Date: Tue, 26 Feb 2008 11:15:34 +0100

Hi,


In a lot of this dialogue, many say, "you should prefix filter".
However, I'm not seeing how an ISP could easily adopt such filtering.

Let's consider the options:

[..]


  a) only RIPE IRR uses a sensible security model [1], so if you use
     others, basically anyone can add route objects to the registry.
     How exactly would this model be useful?

[..]

So, this is no excuse for not doing prefix filtering if you only do
business in the RIPE region, but anywhere else the IRR data is pretty
much useless, incorrect, or both.


this is all true and leads us to the question why ARIN, for example,
DOESNT USE A SENSIBLE SECURITY MODEL?!!!!

Actually i asking this myself for a couple of years. IMHO ARIN _should_
either improve their RR software or, better, use the RIPE DB software so
 ISPS can build prefix-filters for the ARIN region.

So: Why dont they do it?!!!


   Arnd
Previous By Date Next
Previous By Thread Next

Current thread: