[routing-wg] Annoucing supernets in BGP?

Tue Sep 11 19:30:46 CEST 2012

2012/9/11 Michael Markstaller <mm at elabnet.de>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 11.09.2012 17:23, Carlos M. martinez wrote:
>> Are your trobules traceable to the covering announcement?
> No, it's just a thought and I asked because RIPE warns me about - and
> I think it's fully wrong for any ISP to be able to announce something
> he doesnt own !?
>
>> More specifics should always win, period. Regardless even of BGP
>> attributes, so I'm curious if your issues are traceable to the /5.
> Theoretically: right. Practically: we lost yesterday somehow against
> Swisscom..
>
> P.S.: My question is not(!) how to resolve this specific issue but
> rather how to prevent such extremely big misuse..
> I attendended the RIPE-Trainings on RIR etc., keep my records up2date
> but noone else @T1/2 does (?)
>
> Michael
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlBPcyYACgkQaWRHV2kMuAKIhwCg1Y+JfqKsUaTedogKwGFbqHRU
> NxAAoNuJJE1hatICUgFeQy/OPhfoP+JH
> =RUIG
> -----END PGP SIGNATURE-----
>

I see three ways:
1) RPKI
2) RPKI
3) RPKI

Sometimes such things happen and 99.9% of such issues are about
mistakes (bad software, mistypings, no ip classless :) etc). The only
way of securing ourselves from such situations is definitely building
filters based on RIPE database AND TRUSTING RPKI. And signing your
resources (LIR) as well :)

-- 

~~~
WBR,
Vitaliy Turovets
Systems Administrator
Corebug.Net
+38(093)265-70-55
VITU-RIPE
X-NCC-RegID: ua.tv