nanog mailing list archives
Re: the problems being solved -- or not
From: Russ White <ruwhite () cisco com>
Date: Tue, 24 May 2005 07:41:49 -0400 (Eastern Daylight Time)
Let's look at Tony's points above. These solutions cannot deal with the last case, i.e., the "owner" of the prefix decides to advertise more specifics (and the ISPs pass that crap through). Then we're left with attacks where someone else advertises an equal route, or someone advertises a more specific.
One of the various policies available within the soBGP specs is the ability for the owner of an address block to state: "The longest prefix within this block will be /x." This means that if you own 10.1.0.0/16, you can say: "The longest prefix length within 10.1.0.0/16 will be a /17." Or you can say: "The longest prefix within 10.1.0.0/17 will be a /18, and the longest within 10.1.1.0/17 will be a /20." Now, if someone attempts to steal your traffic by advertising a longer prefix, anyone actually checking would toss their routes.
Yes, you could advertise the same length, of course, but then, if the origin doesn't match, and/or the AS Path is bogus, they're toast, as well.
:-)

Russ

__________________________________
riw () cisco com CCIE <>< Grace Alone
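The check described in the message above, sketched as an added example (not part of the original post and not soBGP code): a receiver holds owner-declared maximum prefix lengths per block and drops announcements that are longer than allowed or that come from the wrong origin. The policy table, the AS numbers and all function names are constructed for illustration, and AS path validation is out of scope.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class BlockPolicy:
    block: ipaddress.IPv4Network  # address block the owner made a statement about
    max_len: int                  # longest prefix the owner will ever announce in it
    origin_as: int                # AS authorized to originate the block


# Constructed policy table (documentation AS number, private address space).
POLICIES = [
    BlockPolicy(ipaddress.ip_network("10.1.0.0/17"), 18, 64500),
    BlockPolicy(ipaddress.ip_network("10.1.128.0/17"), 20, 64500),
]


def covering_policy(prefix, policies=POLICIES):
    """Return the most specific policy block that covers prefix, or None."""
    covers = [p for p in policies if prefix.subnet_of(p.block)]
    return max(covers, key=lambda p: p.block.prefixlen, default=None)


def check_announcement(prefix_text, origin_as, policies=POLICIES):
    """Classify one received announcement against the owner's stated policy."""
    prefix = ipaddress.ip_network(prefix_text)  # raises on host bits set
    policy = covering_policy(prefix, policies)
    if policy is None:
        return "unknown"                  # no owner statement covers this prefix
    if prefix.prefixlen > policy.max_len:
        return "reject: too specific"     # longer than the owner said it would be
    if origin_as != policy.origin_as:
        return "reject: origin mismatch"  # allowed length, wrong originator
    return "accept"


if __name__ == "__main__":
    for pfx, asn in [("10.1.0.0/18", 64500), ("10.1.128.0/24", 64511),
                     ("10.1.128.0/17", 64511), ("192.0.2.0/24", 64500)]:
        print(pfx, asn, check_announcement(pfx, asn))
```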