[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RRG] interesting presentations from RIPE



Jari:

Thanks for the pointers.
Commonly, subprefix announcement by legitimate owner
is used as a recovery mechanism after a prefix or
subprefix hijack is detected. Example - Recent YouTube incident:  
http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml
From Daniel Karrenberg's presentation slides, it not obvious
what fraction of deaggregation is due to "proactive" subprefix announcement
to reduce the likelihood of being hijacked.

PHAS and PGBGP are some of the alert/protection mechanisms
against prefix/subprefix hijacks that are in research:
http://www.cs.arizona.edu/people/bzhang/paper/originChange.pdf
http://www-users.itlabs.umn.edu/classes/Spring-2006/csci8211/Readings/pgbgp.pdf
The following presentation (on Slide 7) lists more generally the various
efforts that seek to secure the system:
http://www.renesys.com/tech/presentations/pdf/apricot-lightning-08.pdf
We (NIST) have a presentation scheduled at the upcoming NANOG-43 
that provides an overview and comparisons of various
BGP Anomaly Detection and Robustness Algorithms. 

Sriram

Quoting Jari Arkko <jari.arkko@piuha.net>:

> 
> Daniel Karrenberg and few others talked about routing table
> fragmentation and why so many entries are /24s. His data points to the
> direction that a big fraction of the advertised /24s are from
> de-aggregations of bigger allocations. Obviously there are many reasons
> for this, including traffic engineering, multihoming, etc. However, at
> least for me it was news that one possible reason for doing this would
> be to "protect" yourself against prefix hijacking. By advertising /24s
> you reduce the likelihood of being hijacked with a more specific route.
> If true, one action that needs to be taken to reduce routing scalability
> problem is to secure the system in some proper way. Here are the
> presentations:
> http://rosie.ripe.net/ripe/meetings/ripe-
56/presentations/uploads/Monday/Plenary%2016:00/upl/Karrenberg-
IPv4_Prefix_Lengths.LGnt.pdf
> http://rosie.ripe.net/ripe/meetings/ripe-
56/presentations/uploads/Tuesday/Plenary%2014:00/upl/Karrenberg-
Response_to_Prefix_Length_Question_from_Yesterday.xXAg.png
> 
> Have people here actually seen such "protection" as a reason for someone
> to de-aggregate their prefixes?
> 
> Jari

--
to unsubscribe send a message to rrg-request@psg.com with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg