On Mon, 9 Jul 2007 Valdis.Kletnieks@vt.edu wrote:
On Mon, 09 Jul 2007 02:18:25 -0000, "Chris L. Morrow" said:
While S*BGP seem like they may offer additional protections and additional knobs to be used for protecting 'us' from 'them', the very basics are obviously not being done so added complexity is not going to really help :( Or, perhaps it's not that it's not going to help, it's just not going to get done because even prefix-lists are 'too hard', apparently.
"Wow, prefix-lists are *hard*" -- BGP Barbie..
shopping anyone?
You'd think that by now, we as an industry could do better than that.
I think that overall, over a goodly period of time, we are... we occasionally step on the wrong end of the rake still :(
(Yes, I know the jury is still out on what really happened at L3-Hanaro.
from some other conversations about this, this seems to be a similar problem to what happened to NY-Edison about 1.5/2 years ago now (panix.com route hijackage)... 'auto filter from IRR data' without some form of checking for proper authority.
Of course, now that I stirred the 'l3 shoulda filtered' pot I should probably also stir the 'large ISP customers should outbound prefix-filter' pot. It's very likely that they DO filter outbound, at least to pref routes from place to place, perhaps twin failures caught them? :(
I think Marcus, Randy, Steve, Lixia all are getting at an underlying issue: "The interwebs are not as trivial to the world as they once were". So more strict control and operational due diligence should be on everyone's plate... At least for basics like making sure the routing system functions properly going forward.
Anyway, should be interesting to get some more details on what happened if they are ever to become available.
-Chris
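An added example, not part of the original thread: a sketch of the "checking for proper authority" step mentioned above when a customer prefix filter is generated automatically from IRR data. The route objects, the allocation table and the function names are constructed for illustration (documentation prefixes, private-use ASNs); a real deployment would take the authority data from whatever source the operator trusts.

```python
import ipaddress

# Constructed sample data: documentation prefixes and private-use ASNs.
# IRR route objects are claims anyone holding a maintainer can register.
IRR_ROUTES = [  # (prefix, origin AS, maintainer)
    ("192.0.2.0/24", 64500, "MAINT-CUST"),
    ("198.51.100.0/24", 64500, "MAINT-CUST"),  # claims another holder's space
    ("203.0.113.0/25", 64500, "MAINT-CUST"),   # more-specific of own space
]
# Hypothetical authority table: allocation -> ASNs the holder lets originate it.
ALLOCATIONS = {
    "192.0.2.0/24": {64500},
    "198.51.100.0/24": {64511},
    "203.0.113.0/24": {64500},
}

def authorized(prefix, origin, allocations):
    """True if the longest allocation covering prefix authorizes origin."""
    net = ipaddress.ip_network(prefix)
    best = None
    for alloc, asns in allocations.items():
        alloc_net = ipaddress.ip_network(alloc)
        if alloc_net.version != net.version or not net.subnet_of(alloc_net):
            continue
        if best is None or alloc_net.prefixlen > best[0].prefixlen:
            best = (alloc_net, asns)
    # No covering allocation means no known authority: fail closed.
    return best is not None and origin in best[1]

def build_filter(customer_as, routes, allocations):
    """Split the customer's IRR route objects into accepted and rejected."""
    accepted, rejected = [], []
    for prefix, origin, _maintainer in routes:
        if origin != customer_as:
            continue
        ok = authorized(prefix, origin, allocations)
        (accepted if ok else rejected).append(prefix)
    return accepted, rejected

if __name__ == "__main__":
    accepted, rejected = build_filter(64500, IRR_ROUTES, ALLOCATIONS)
    print("permit:", accepted)
    print("needs manual review:", rejected)
```

Rejected entries are held for manual review rather than silently dropped, so a legitimate customer with stale authority data is noticed instead of blackholed.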