nanog mailing list archives
Re: BGP route hijack by AS10990
From: Mark Tinka <mark.tinka () seacom com>
Date: Sat, 1 Aug 2020 22:38:57 +0200
On 1/Aug/20 21:03, Sabri Berisha wrote:
The same can be said here. Noction and/or its operators appear to not understand how BGP works, and/or what safety measures must be deployed to ensure that the larger internet will not be hurt by misconfiguration.
I think the latter would be more appropriate. Their implementation of BGP is likely correct, but they aren't putting any emphasis on what the deployment of their use-case can do to global BGP security and performance. This where I'd say they can add more focus.
I also agree with Job, that Noction has some responsibility here. And as I understand more and more about it, I must now agree with Mark T that this was an avoidable incident (although not because of Telia, but because Noction's decision to not enable NO_EXPORT by default).
I see it differently. The chain is only as strong as its weakest actor. It is not unreasonable to expect that global actors of significant scale have enough clue to make sure any mistakes committed downstream are not propagated by them to the rest of the Internet. So while I do not absolve Noction (and their customer) of any responsibility here, I'd apportion the blame as: - Telia 51% - Noction 30% - Noction's customer 19% When the weaker chains of the link fail, we should be able to count on the strongest chain in that link to be the last line of defence... Telia, in this case. Simply for no other reason than they "know best", and have such global scope which comes with significant responsibility. But that isn't to say that neither Noction nor their customer cannot do better either. After all, BGP security and performance only works well when we all do our part, and not just some of us. Mark.
Current thread:
- Re: BGP route hijack by AS10990, (continued)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Sabri Berisha (Aug 01)
- Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Nick Hilliard (Aug 01)
- Re: BGP route hijack by AS10990 Sabri Berisha (Aug 01)
- Re: BGP route hijack by AS10990 Nick Hilliard (Aug 01)
- Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Owen DeLong (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 01)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 02)
- RE: BGP route hijack by AS10990 adamv0025 (Aug 03)
- Re: BGP route hijack by AS10990 Alex Band (Aug 03)
- Re: BGP route hijack by AS10990 Mark Tinka (Aug 03)
- Re: BGP route hijack by AS10990 Job Snijders (Aug 03)