24.06.19 19:04, Matthew Walster пише:
On Mon, 24 Jun 2019, 16:28 Max Tulyev, <maxtul@netassist.ua <mailto:maxtul@netassist.ua>> wrote:
1. Why Cloudflare did not immediately announced all their address space by /24s? This can put the service up instantly for almost all places Probably RPKI and that being a really bad idea that takes a long time to configure across every device, especially when you're dealing with an anycast network.
Good idea is to prepare it and provisioning tools before ;)
2. Why almost all carriers did not filter the leak on their side, but waited for "a better weather on Mars" for several hours?
Probably most did not notice immediately, or trusted their fellow large carrier peers to fix the matter faster than their own change control process would accept such a drastic change that had not been fully analysed and identified. The duration was actually quite low, on a human scale...
Did not notice a lot of calls "I can't access ..."? Really? OK, then another question. Which time from that calls starts to "people who know BGP know about it" is good?