nanog mailing list archives
Re: BGP route hijack by AS10990
From: Tom Beecher <beecher () beecher cc>
Date: Fri, 31 Jul 2020 10:22:11 -0400
So while I will continue pushing for the rest of the world to create ROA's, turn on RPKI and enable ROV, I'll also advocate that operators continue to have both AS- and prefix-based filters. Not either/or, but both. Also, max-prefix as a matter of course.
This is the correct approach. We are a very long way from being able to flip the switch to say "everyone drop any RPKI UNKNOWN" , so in the meantime best practices for non-ROA covered prefixes still have to be done. On Fri, Jul 31, 2020 at 9:35 AM Mark Tinka <mark.tinka () seacom com> wrote:
On 31/Jul/20 03:57, Aftab Siddiqui wrote:Not a single prefix was signed, what I saw. May be good reason for Rogers, Charter, TWC etc to do that now. It would have stopped the propagation at Telia.While I am a huge proponent for ROA's and ROV, it is a massive expectation to req filtering to work on the basis of all BGP participants creating their ROA's. It's what I would like, but there is always going to be a lag on this one. If none of the prefixes had a ROA, no amount of Telia's shiny new "we drop invalids" machine would have helped, as we saw with this incident. ROV really only comes into its own when the majority of the Internet has correct ROA's setup. In the absence of that, it's a powerful but toothless feature. So while I will continue pushing for the rest of the world to create ROA's, turn on RPKI and enable ROV, I'll also advocate that operators continue to have both AS- and prefix-based filters. Not either/or, but both. Also, max-prefix as a matter of course. Mark.
Current thread:
- Re: BGP route hijack by AS10990, (continued)
- Re: BGP route hijack by AS10990 Töma Gavrichenkov (Jul 30)
- Re: BGP route hijack by AS10990 Job Snijders (Jul 30)
- Message not available
- Re: BGP route hijack by AS10990 Patrick Schultz (Jul 30)
- Re: BGP route hijack by AS10990 Baldur Norddahl (Jul 30)
- Re: BGP route hijack by AS10990 Aftab Siddiqui (Jul 30)
- Re: BGP route hijack by AS10990 Mark Tinka (Jul 31)
- Re: BGP route hijack by AS10990 Baldur Norddahl (Jul 31)
- Re: BGP route hijack by AS10990 Mark Tinka (Jul 31)
- Re: BGP route hijack by AS10990 Job Snijders (Jul 31)
- Re: BGP route hijack by AS10990 Mark Tinka (Jul 31)
- Re: BGP route hijack by AS10990 Tom Beecher (Jul 31)