On 8/28/14, 11:28 PM, "Mark Andrews" <marka@isc.org> wrote:
The long term solution is to deploy RPKI and only use transits which use RPKI. No RPKI support => no business. Additionally make RPKI a peering requirement.
WG] So should we ask for that before, or after we get everyone to roll out IPv6 everywhere by voting with our wallets? *ducks*

On 8/28/14, 11:24 PM, "Fred Baker (fred)" <fred@cisco.com> wrote:
Are providers that neighbor with them implementing RPKI? If not, complain to the folks not indicating RPKI and therefore accepting a hijacked prefix.
WG] %s/RPKI/inbound route filtering on downstream customers/g
There, FTFY

Tarun, other than directly contacting the originator, I recommend that you complain to their upstream provider(s) (the neighboring ASN(s) in the AS-Path) that they are accepting routes from their customer that they shouldn't be, include proof that you own the block they are announcing, and ask them to apply a prefix filter. Yes, this presupposes that you can find valid contact info in whois or peeringdb, but it's the best we've got right now.

RPKI isn't likely to fix this anytime soon, because it's mostly not deployed where it needs to be to affect this problem. And just like inbound route filtering and lots of other protective security measures, [1, 2] and eating your vegetables, and getting more exercise, most folks agree that it would help, but it's only useful with wide deployment, which mostly needs to happen on "everyone else's network", and those things all have an additional cost (time, money, or both) to deploy and maintain. The unfortunate thing is that RPKI arguably takes more work than the others, with a much longer time-horizon to see benefit during the incremental deployment period.

Wes George

[1] https://www.routingmanifesto.org/manifesto/
[2] http://tools.ietf.org/html/draft-ietf-opsec-bgp-security
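
What the inbound prefix filter on a downstream customer session amounts to, as an added example that is not part of the original message: the upstream accepts a route only if it falls inside a block registered to that customer and is no more specific than the agreed length. The ASNs, prefixes (documentation ranges) and function names are constructed for illustration.

```python
import ipaddress

# Constructed data: what each downstream customer ASN is authorized to announce,
# as (prefix, longest accepted length). Documentation prefixes and ASNs only.
CUSTOMER_FILTERS = {
    64496: [("198.51.100.0/24", 24), ("2001:db8:100::/40", 48)],
    64497: [("203.0.113.0/24", 24)],
}

def build_filters(raw):
    """Parse the textual prefix lists into ip_network objects once."""
    return {asn: [(ipaddress.ip_network(p), max_len) for p, max_len in entries]
            for asn, entries in raw.items()}

def check_announcement(filters, customer_asn, prefix):
    """Return (accepted, reason) for a route received from customer_asn."""
    net = ipaddress.ip_network(prefix)
    entries = filters.get(customer_asn)
    if entries is None:
        # A customer session without a filter is the failure mode in the thread.
        return False, "no filter configured: deny by default"
    for allowed, max_len in entries:
        if net.version != allowed.version:
            continue  # subnet_of() raises TypeError across address families
        if net.subnet_of(allowed):
            if net.prefixlen <= max_len:
                return True, f"covered by {allowed} le {max_len}"
            return False, f"more specific than /{max_len} inside {allowed}"
    return False, "prefix not registered to this customer"

FILTERS = build_filters(CUSTOMER_FILTERS)

if __name__ == "__main__":
    # Constructed announcements as (customer ASN, prefix received on that session).
    received = [
        (64496, "198.51.100.0/24"),     # customer's own block
        (64496, "203.0.113.0/24"),      # block registered to a different customer
        (64496, "198.51.100.128/25"),   # more-specific of its own block
        (64496, "2001:db8:101::/48"),   # IPv6 inside the registered /40
        (64511, "192.0.2.0/24"),        # session with no filter defined
    ]
    for asn, prefix in received:
        ok, reason = check_announcement(FILTERS, asn, prefix)
        print(f"AS{asn} {prefix:<22} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```
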