[routing-wg] Annoucing supernets in BGP?
Виталий Туровец corebug at corebug.net
Tue Sep 11 19:30:46 CEST 2012
2012/9/11 Michael Markstaller <mm at elabnet.de>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 11.09.2012 17:23, Carlos M. martinez wrote: >> Are your trobules traceable to the covering announcement? > No, it's just a thought and I asked because RIPE warns me about - and > I think it's fully wrong for any ISP to be able to announce something > he doesnt own !? > >> More specifics should always win, period. Regardless even of BGP >> attributes, so I'm curious if your issues are traceable to the /5. > Theoretically: right. Practically: we lost yesterday somehow against > Swisscom.. > > P.S.: My question is not(!) how to resolve this specific issue but > rather how to prevent such extremely big misuse.. > I attendended the RIPE-Trainings on RIR etc., keep my records up2date > but noone else @T1/2 does (?) > > Michael > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ > > iEYEARECAAYFAlBPcyYACgkQaWRHV2kMuAKIhwCg1Y+JfqKsUaTedogKwGFbqHRU > NxAAoNuJJE1hatICUgFeQy/OPhfoP+JH > =RUIG > -----END PGP SIGNATURE----- > I see three ways: 1) RPKI 2) RPKI 3) RPKI Sometimes such things happen and 99.9% of such issues are about mistakes (bad software, mistypings, no ip classless :) etc). The only way of securing ourselves from such situations is definitely building filters based on RIPE database AND TRUSTING RPKI. And signing your resources (LIR) as well :) -- ~~~ WBR, Vitaliy Turovets Systems Administrator Corebug.Net +38(093)265-70-55 VITU-RIPE X-NCC-RegID: ua.tv