nanog mailing list archives
Re: Prefix hijacking, how to prevent and fix currently
From: Saku Ytti <saku () ytti fi>
Date: Tue, 2 Sep 2014 09:36:40 +0300
On (2014-09-01 21:34 +0000), Sriram, Kotikalapudi wrote: Hi Sriram, Please help me understand the argument.
Some Org. D can maliciously announce a subprefix under Org. C's prefix, and get away with it due to the 'Loose' mode.
So C is advertising valid 192.0.2.0/24 Is D advertising valid 192.0.2.0/23? This is unfixable problem? If D is advertising invalid or unknown, C would still work and win, as longest prefix match is done first to the 'valid' population, if search is found, other populations are not searched.
I think, 'Loose mode', if used at all, should not be used beyond a short grace period.
We need to be pragmatic and ready to compromise. Right now deploying RPKI puts you in competitive disadvantage, loose mode would remove the business risk and make it easier to justify deployment. -- ++ytti
Current thread:
- Re: Prefix hijacking, how to prevent and fix currently Tarun Dua (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Anurag Bhatia (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Sep 01)
- <Possible follow-ups>
- Re: Prefix hijacking, how to prevent and fix currently Sriram, Kotikalapudi (Sep 01)
- Re: Prefix hijacking, how to prevent and fix currently Saku Ytti (Sep 01)
- RE: Prefix hijacking, how to prevent and fix currently Sriram, Kotikalapudi (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Christopher Morrow (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Christopher Morrow (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Job Snijders (Sep 02)
- Re: Prefix hijacking, how to prevent and fix currently Ca By (Sep 03)
- Re: Prefix hijacking, how to prevent and fix currently Andree Toonk (Sep 03)