nanog mailing list archives
Re: Regarding smaller prefix for hijack protection
From: Anurag Bhatia <me () anuragbhatia com>
Date: Tue, 4 Sep 2012 10:49:23 +0530
I didn't realized the routing table size problem with /24's. Stupid me. Thanks everyone for updates. Appreciate good answers. On Fri, Aug 31, 2012 at 4:18 AM, George Herbert <george.herbert () gmail com>wrote:
On Thu, Aug 30, 2012 at 8:41 AM, William Herrin <bill () herrin us> wrote:On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia <me () anuragbhatia com>wrote:Is using /24 a must to protect (a bit) against route hijacking?Hi Anurag, Not only is it _not_ a must, it doesn't work and it impairs your ability to detect the fault. In a route hijacking scenario, traffic for a particular prefix will flow to the site with the shortest AS path from the origin. Your /24 competes with their /24. Half the Internet, maybe more maybe less depending on how well connected each of you are, will be inaccessible to you.Preventively there seems to be no utility to this. Reactively, after a hijacking starts, has anyone tried announcing both (say) /24s for the block and (say) 2x /25s for it as well, to get more-specific under the hijacker? Yes, a lot of places will filter and ignore, but those that don't ... (Yes, sign your prefixes now, on general principles) -- -george william herbert george.herbert () gmail com
-- Anurag Bhatia anuragbhatia.com Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter<https://twitter.com/anurag_bhatia>| Google+ <https://plus.google.com/118280168625121532854>
Current thread:
- Re: Regarding smaller prefix for hijack protection Anurag Bhatia (Sep 03)
- Re: Regarding smaller prefix for hijack protection Aftab Siddiqui (Sep 03)
- Re: Regarding smaller prefix for hijack protection Richard Barnes (Sep 04)
- Re: Regarding smaller prefix for hijack protection Aftab Siddiqui (Sep 03)