Jari: Thanks for the pointers. Commonly, subprefix announcement by legitimate owner is used as a recovery mechanism after a prefix or subprefix hijack is detected. Example - Recent YouTube incident: http://www.renesys.com/blog/2008/02/pakistan_hijacks_youtube_1.shtml >From Daniel Karrenberg's presentation slides, it not obvious what fraction of deaggregation is due to "proactive" subprefix announcement to reduce the likelihood of being hijacked.
PHAS and PGBGP are some of the alert/protection mechanisms against prefix/subprefix hijacks that are in research: http://www.cs.arizona.edu/people/bzhang/paper/originChange.pdf http://www-users.itlabs.umn.edu/classes/Spring-2006/csci8211/Readings/pgbgp.pdf The following presentation (on Slide 7) lists more generally the various efforts that seek to secure the system: http://www.renesys.com/tech/presentations/pdf/apricot-lightning-08.pdf We (NIST) have a presentation scheduled at the upcoming NANOG-43 that provides an overview and comparisons of various BGP Anomaly Detection and Robustness Algorithms. Sriram Quoting Jari Arkko <[EMAIL PROTECTED]>: > > Daniel Karrenberg and few others talked about routing table > fragmentation and why so many entries are /24s. His data points to the > direction that a big fraction of the advertised /24s are from > de-aggregations of bigger allocations. Obviously there are many reasons > for this, including traffic engineering, multihoming, etc. However, at > least for me it was news that one possible reason for doing this would > be to "protect" yourself against prefix hijacking. By advertising /24s > you reduce the likelihood of being hijacked with a more specific route. > If true, one action that needs to be taken to reduce routing scalability > problem is to secure the system in some proper way. Here are the > presentations: > http://rosie.ripe.net/ripe/meetings/ripe- 56/presentations/uploads/Monday/Plenary%2016:00/upl/Karrenberg- IPv4_Prefix_Lengths.LGnt.pdf > http://rosie.ripe.net/ripe/meetings/ripe- 56/presentations/uploads/Tuesday/Plenary%2014:00/upl/Karrenberg- Response_to_Prefix_Length_Question_from_Yesterday.xXAg.png > > Have people here actually seen such "protection" as a reason for someone > to de-aggregate their prefixes? > > Jari -- to unsubscribe send a message to [EMAIL PROTECTED] with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
