22 May 2019, 2:23 p.m.
In that case shouldn't each company advertise a /21?

On Wed, May 22, 2019, 1:11 PM Sabri Berisha <sabri@cluecentral.net> wrote:

> Hi,
>
> One legitimate reason is the split of companies. In some cases, IP space
> needs to be divided up. For example, company A splits up in AA and AB, and
> has a /20. Company AA may advertise the /20, while the new AB may advertise
> the top or bottom /21. I know of at least one worldwide e-commerce company
> that is in that situation.
>
> Thanks,
>
> Sabri
>
>
> ----- On May 22, 2019, at 9:40 AM, Tom Beecher <beecher@beecher.cc> wrote:
>
> There are sometimes legitimate reasons to have a covering aggregate with
> some more specific announcements. Certainly there's a lot of cleanup that
> many should do in this area, but it might not be the best approach to this
> issue.
>
> On Tue, May 21, 2019 at 5:30 AM Alejandro Acosta <
> alejandroacostaalamo@gmail.com> wrote:
>
>>
>> On 5/20/19 7:26 PM, John Kristoff wrote:
>> > On Mon, 20 May 2019 23:09:02 +0000
>> > Seth Mattinen <sethm@rollernet.us> wrote:
>> >
>> >> A good start would be killing any /24 announcement where a covering
>> >> aggregate exists.
>> > I wouldn't do this as a general rule. If an attacker knows networks are
>> > 1) not pointing default, 2) dropping /24's, 3) not validating the
>> > aggregates, and 4) no actual legitimate aggregate exists, (all
>> > reasonable assumptions so far for many /24's), then they have a pretty
>> > good opportunity to capture that traffic.
>>
>>
>> +1 John
>>
>> Seth's approach could be an option _only_ if prefix has an aggregate
>> exists && as origin are the same
>>
>>
>> > John
>> >
>
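The condition discussed in the thread (drop a /24 only when a covering aggregate exists and its origin AS is the same), written out as an added example that is not part of any message above. The route table is constructed from private-use addresses and ASNs, and `covering_aggregates` and `classify` are hypothetical names.

```python
import ipaddress

# Constructed sample table: (prefix, origin AS). Private-use space and ASNs only.
ROUTES = [
    ("10.20.0.0/20", 64500),   # company AA keeps announcing the aggregate
    ("10.20.8.0/21", 64501),   # company AB announces its half after the split
    ("10.20.1.0/24", 64500),   # deaggregate of AA's own /20
    ("10.20.9.0/24", 64502),   # /24 inside the /20, but from an unrelated origin
    ("192.0.2.0/24", 64510),   # /24 with no covering aggregate in the table
]


def covering_aggregates(prefix, table):
    """Return (network, origin) pairs from table that strictly cover prefix."""
    return [(net, asn) for net, asn in table
            if net.prefixlen < prefix.prefixlen and prefix.subnet_of(net)]


def classify(routes, min_len=24):
    """Map every prefix of length >= min_len to 'drop' or 'keep'.

    A prefix is dropped only when some covering aggregate in the same table
    has the same origin AS, so the aggregate still carries its traffic.
    """
    table = [(ipaddress.ip_network(p), asn) for p, asn in routes]
    verdicts = {}
    for net, asn in table:
        if net.prefixlen < min_len:
            continue  # shorter prefixes (the /20 and /21) are never candidates
        covers = covering_aggregates(net, table)
        same_origin = any(cov_asn == asn for _, cov_asn in covers)
        verdicts[str(net)] = "drop" if same_origin else "keep"
    return verdicts


if __name__ == "__main__":
    for prefix, verdict in classify(ROUTES).items():
        print(f"{prefix:18} {verdict}")
```

The origin AS is taken from the table as-is; the check does not validate that the aggregate's origin is authorized, which is the gap John Kristoff's reply points at.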