This will break the internet at scale. No.

Ms. Lady Benjamin PD Cannon of Glencoe, ASCE
6x7 Networks & 6x7 Telecom, LLC
CEO
lb@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the world."
FCC License KJ6FJJ
Sent from my iPhone via RFC1149.
On Aug 9, 2021, at 5:20 PM, Robert McKay <robert@mckay.com> wrote:
On 2021-08-09 22:39, Baldur Norddahl wrote:
On Mon, 9 Aug 2021 at 22:13, Grzegorz Janoszka <grzegorz@janoszka.pl> wrote:
On 2021-08-09 17:47, Billy Croan wrote:
How does the community feel about using /24 originations in BGP as a tactical advantage against potential BGP hijackers?

RPKI is more effective than a competing /24. Unless they hijack your ASN as well. You will usually get an AS path length advantage even if they do hijack your ASN.
Unless your RPKI is set to allow /24 but you normally advertise /21 or something shorter.. then RPKI works to the hijacker's advantage.
You could argue this is no different than before RPKI which is true.. except that now that RPKI exists people are tempted to use it to automate configuration and take humans out of the loop.
I imagine there are quite a few RPKI enabled prefixes (those configured to allow too long advertisements) that are easier to hijack now than they were before RPKI existed.
-Rob
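
Rob's point about a ROA that allows /24 while only a /21 is announced can be checked mechanically. The following is an added example, not part of the original thread: a minimal RFC 6811 origin validation in Python, plus a helper (hypothetical name `unannounced_valid_lengths`) that lists the prefix lengths a ROA authorizes beyond what is announced. The prefix 10.20.0.0/21 and AS64500/AS64501 are constructed sample values.

```python
import ipaddress

# Constructed sample data: (ROA prefix, maxLength, authorized origin ASN).
LOOSE_ROA = [("10.20.0.0/21", 24, 64500)]   # announces /21, ROA allows up to /24
STRICT_ROA = [("10.20.0.0/21", 21, 64500)]  # maxLength equals the announced length


def rov_state(prefix, origin_asn, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the route
        covered = True
        # AS0 never matches; a match needs the same origin and a short enough prefix.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def unannounced_valid_lengths(announced, origin_asn, roas, limit=24):
    """Prefix lengths longer than the announced one that still validate
    for origin_asn, i.e. room for a forged-origin more-specific."""
    net = ipaddress.ip_network(announced)
    lengths = []
    for plen in range(net.prefixlen + 1, limit + 1):
        first = next(net.subnets(new_prefix=plen))
        if rov_state(str(first), origin_asn, roas) == "valid":
            lengths.append(plen)
    return lengths


if __name__ == "__main__":
    for name, roas in (("loose", LOOSE_ROA), ("strict", STRICT_ROA)):
        print(name, "ROA")
        # A more-specific carrying the legitimate ASN as (forged) origin.
        print("  /24, origin 64500:", rov_state("10.20.0.0/24", 64500, roas))
        # The same more-specific with a different ASN as origin.
        print("  /24, origin 64501:", rov_state("10.20.0.0/24", 64501, roas))
        print("  exposed lengths:", unannounced_valid_lengths("10.20.0.0/21", 64500, roas))
```

Origin validation only compares the prefix, its length and the origin ASN against the ROA, so the AS path in front of the origin plays no part in the result.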