[Job] >> Given the description: >> >>> "A multi-homed AS learns a route from one upstream ISP and announces >>> a subprefix (subsumed in the prefix) to another upstream ISP." >> >> I'd classify this type of announcement a "hijack" or "attack", not a route >> leak.
[Chris] >this makes sense to me, this is the equivalent of several well known >instances of someone's 'internap' box leaking outside their span of >control. So, I agree this is a hijack, not a leak... though clearly >the subnets were 'leaked' outside the span of control, the effect is >really a hijack of the remote prefix. [Joel Jaeggli] >hijack is the practical result of the more specific. >intent is of course something else. Job and I discussed this in person, and as I understand he makes the following two important points regarding Type 5 (U-Turn with more specific) and why perhaps it should be omitted from the list of route-leak types: 1. In Type 5, the offending AS receives a less specific and crafts an update with a more specific (with AS path intact, Kapela-Pilosov style). The update with the more specific basically was never announced by a neighbor and was not there in the RIB. So it is a newly crafted update, and not a route leak as such. 2. The other instance of Type 5 was that the update with the more specific was there in the RIB but only for regional TE purpose, and was not meant to be announced via transit, but it was leaked. In this case, the leaked more specific route existed in the RIB, and was not crafted. The leak, however, can be thought of as a Type 1 (prefix) leak; no need to characterize it as a Type 5 (more specific). I am OK with Job’s line of reasoning. Hoping this is agreeable to others in the WG as well, I will proceed to update the draft to omit Type 5. However, if anyone feels there is some merit/rationale to keep Type 5, please speak up. Thanks. Sriram _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
