nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Prefix hijacking, how to prevent and fix currently

From: Saku Ytti <saku () ytti fi>
Date: Fri, 29 Aug 2014 11:55:11 +0300
On (2014-08-29 03:24 +0000), Fred Baker (fred) wrote:


Do you implement RPKI? Are providers that neighbor with them implementing RPKI?


I feel RPKI would be much more marketable if vendors would implement 'loose'
mode.
Loose mode would drop failing routes, iff there is covering (i.e. less
specific is ok) route already in RIB.
This mode would protect from routed hijacks, but not from non-routed hijacks,
which are less serious. And it would completely remove false-positive
blackholing.

There is very small incentive for SP to deploy RPKI, since user-error in
far-end, would make my product look worse than competitors product. I'm
spending money to lose money.

-- 
  ++ytti
Previous By Date Next
Previous By Thread Next

Current thread: