nanog mailing list archives
Re: Regarding smaller prefix for hijack protection
From: Andy Davidson <andy () nosignal org>
Date: Thu, 30 Aug 2012 17:59:56 +0100
On 30/08/12 12:54, Anurag Bhatia wrote:
Is using /24 a must to protect (a bit) against route hijacking?
Announcing your, say /19 as 32 /24s does not prevent someone from trying to hijack you, you will still get some disruption if someone tries, but you might limit the scope of their success or the scope of your perceived outage (which is why temporary shorter prefixes are announced in order to limit the effects of hijacks, including in the example you cited.) Far more useful to monitor and take evasive action in the event of a hijack.
So can we conclude that one should always use /24 to make sure that they loose as little as possible traffic during prefix hijacking?
There is not room for 4bn entries in the routing table. You deserved to be filtered off the net if you try this stunt ! Andy
Current thread:
- Regarding smaller prefix for hijack protection Anurag Bhatia (Aug 30)
- Re: Regarding smaller prefix for hijack protection Suresh Ramasubramanian (Aug 30)
- Re: Regarding smaller prefix for hijack protection Arturo Servin (Aug 30)
- Re: Regarding smaller prefix for hijack protection Jon Lewis (Aug 30)
- Re: Regarding smaller prefix for hijack protection William Herrin (Aug 30)
- Re: Regarding smaller prefix for hijack protection George Herbert (Aug 30)
- Re: Regarding smaller prefix for hijack protection Andy Davidson (Aug 30)
- Re: Regarding smaller prefix for hijack protection Suresh Ramasubramanian (Aug 30)