nanog mailing list archives
Re: Regarding smaller prefix for hijack protection
From: Jon Lewis <jlewis () lewis org>
Date: Thu, 30 Aug 2012 08:08:39 -0400 (EDT)
On Thu, 30 Aug 2012, Anurag Bhatia wrote:
I tried looking on net but couldn't found direct answer, so thought to ask here for some advise. Is using /24 a must to protect (a bit) against route hijacking? We all remember case of YouTube 2008 and hijacking in Pakistan. At that time YouTube was using /22 and thus /24 (more specific) announcement took almost all of Google's traffic even when AS path was long. So Google's direct also likely sent packets to Pakistan. Later Google too used /24 (and I guess /25 too to effect some region of internet). Similar case I remember for issue reported between Altus and hijacking by someone connected to Cleaveland exchange when ISP was using /23 and spammer used /24. So can we conclude that one should always use /24 to make sure that they loose as little as possible traffic during prefix hijacking?
As an exercise, grab a copy of the global routing table, convert all shorter than /24 networks into /24s and tell us, how big is your hijack-resistant global table now? How many networks will be unable to handle it because it overflows their routers route table capacity?
In short, no...you/everyone should not announce all their space as /24s just in case someone tries to or accidentally hijacks some of their space. Your solution does not scale.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Regarding smaller prefix for hijack protection Anurag Bhatia (Aug 30)
- Re: Regarding smaller prefix for hijack protection Suresh Ramasubramanian (Aug 30)
- Re: Regarding smaller prefix for hijack protection Arturo Servin (Aug 30)
- Re: Regarding smaller prefix for hijack protection Jon Lewis (Aug 30)
- Re: Regarding smaller prefix for hijack protection William Herrin (Aug 30)
- Re: Regarding smaller prefix for hijack protection George Herbert (Aug 30)
- Re: Regarding smaller prefix for hijack protection Andy Davidson (Aug 30)
- Re: Regarding smaller prefix for hijack protection Suresh Ramasubramanian (Aug 30)