This candidate list of requirements is for route sources that North American Operators should trust to propagate long prefix routes, nothing more, nothing less. In that context, some of your comments don't really make sense. Perhaps you might like to propose criteria you would find useful in setting a level of trust, or some alternative method to avoid a recurrence of a site that is widely visited being black holed through another ISP advertising a more specific route? Specifically: In place of item 1, what criteria would you propose for the route source? Item 2: in this context, is specific to the needs of North American Network Operators accepting long prefix routes. I am not advocating not accepting routes from the ROW, just not very specific ones. It's entirely possible for North American Operators to rely on law enforcement in say, the EU and Australia. Item 3: Glad we agree on something. Item 4: How would you have said it? I think it would be better to propose some constructive ideas as to how we can avoid what happened today from recurring, and also deal with the issue of hijacked IP space in general.
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Patrick W. Gilmore Sent: Sunday, February 24, 2008 5:43 PM To: nanog@merit.edu Cc: Patrick W. Gilmore Subject: Re: YouTube IP Hijacking
On Feb 24, 2008, at 7:36 PM, Tomas L. Byrnes wrote:
I'm sure we can all find a list of "critical infrastructure" ASes that could be trusted to peer via the "high priority" AS. I'd say that the criteria should be:
1: Hosted at a Tier 1 provider.
That is a silly requirement.
(I am sorry, I tried hard to find a nicer way to say this, but I really feel strongly about this.)
2: Within a jurisdiction where North American operators have a good chance of having the law on their side in case of any network outage caused by the entity.
This is also a bit strange. Do your users never attach to a host outside the USofA?
3: Considered highly competent technically.
Here we agree.
4: With state of the art security and operations.
I think we agree, but I wouldn't have said it like that.
-- TTFN, patrick
OTOH: I would say that, until today, those who advocate not engaging in any kind of ethnic or political profiling would have considered 17557, as a national telco, a trusted route source.
-----Original Message----- From: Randy Epstein [mailto:repstein@chello.at] Sent: Sunday, February 24, 2008 4:15 PM To: Tomas L. Byrnes; 'Simon Lockhart' Cc: 'Michael Smith'; neil.fenemor@fx.net.nz; will@harg.net; nanog@merit.edu Subject: RE: YouTube IP Hijacking
Tomas L. Byrnes wrote:
Perhaps certain ASes that are considered "high priority", like Google, YouTube, Yahoo, MS (at least their update servers), can be trusted to propagate routes that are not aggregated/filtered, so as to give them control over their reachability and immunity to longer-prefix hijacking (especially problematic with things like MS update sites).
Not to stir up a huge debate here, but if I were a day trader, I could live without YouTube for a day, but not e*trade or Ameritrade as it would be my livelihood. If I were an eBay seller, why would I care about YouTube? You get the idea. What makes Google, YouTube, Yahoo, MS, etc more important?
More importantly, why is PCCW not prefix filtering their downstreams? Certainly AS17557 cannot be trusted without a filter.
Randy
-----Original Message----- From: Simon Lockhart [mailto:simon@slimey.org] Sent: Sunday, February 24, 2008 2:07 PM To: Tomas L. Byrnes Cc: Michael Smith; neil.fenemor@fx.net.nz; will@harg.net; nanog@merit.edu Subject: Re: YouTube IP Hijacking
Which means that, by advertising routes more specific
On Sun Feb 24, 2008 at 01:49:00PM -0800, Tomas L. Byrnes wrote: than the ones
they are poisoning, it may well be possible to restore universal connectivity to YouTube.
Well, if you can get them in there.... Youtube tried that, to restore service to the rest of the world, and the announcements didn't propogate.
Simon