nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

From: Yang Xiang <xiangy08 () csnet1 cs tsinghua edu cn>
Date: Mon, 23 Jan 2012 23:51:00 +0800
2012/1/23 Christopher Morrow <morrowc.lists () gmail com>



ok, that seems squirrelly still :(

so, take routeviews for example, they peer almost exclusively
ebgp-multi-hop, so any 'best path' you see there isn't actually usable
by the route-server... all traffic has to take the local transport out
of the routeviews system, off to the internet and beyond. So, your
blackhole testing isn't actually testing what you want, I think :(



it is not a  serious problem, I think.

1). we do not use routeviews-like routeservers for hijacking
identification, we only use router.
2). there is a high possibility that, the 'best path' is the path in FIB
table.
3). if the 'best path' is not the path in FIB,
    there is still a high possibility that the 'best path' is the path in
the FIB of other routes in the same AS.
4), our criterion is a threshold of a fingerprint, not a extremum.
    the fingerprint evaluated the possibility.

hope I'm not wrong. :)



-chris





-- 
_________________________________________
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
Previous By Date Next
Previous By Thread Next

Current thread: