On Thu, Dec 8, 2022 at 9:35 AM Randy Bush <randy@psg.com> wrote:
while i think the announcement is, shall we say, embarrassing, i do not see how it would be damaging. real/correct announcements would be for longer prefixes, yes?
randy
Putting on a probably-overly-paranoid hat for a moment... If I announce 2000::/12, seemingly as an innocent error, it won't break most people's routing, and is likely to be simply chalked up as a copy-paste error, or other human "oops". But if I happen to be running a promiscuous packet capture on a box that the "erroneous" routing table entry ultimately resolves to, I warrant there's a certain amount of legitimate packet streams I could collect here and there, any time a router processes a WITHDRAW update message for a more specific prefix within the range, before a new ANNOUNCE update message is processed. I'm not going to get a great deal of information, as most simple prefix updates happen within the same update message; but during periods of higher internal churn in a network, you may have brief periods during which the more specific route is withdrawn before being re-announced, during which I'd be able to harvest packets destined for other networks. As I said--I'm probably being overly paranoid, but I can't help but wonder what packets such a collector might see, if left to run for a week or two... ^_^; Thanks! Matt