Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while Argus can discover potential hijackings caused by anomalous AS path. reading the

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Christopher Morrow
On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
2012/1/23 Christopher Morrow morrowc.li...@gmail.com ok, that seems squirrelly still :( so, take routeviews for example, they peer almost exclusively ebgp-multi-hop, so any 'best path' you see there isn't actually usable by the route-server... all traffic has to take the local transport out

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread John Kemp
On 1/23/2012 7:28 AM, Christopher Morrow wrote: On Mon, Jan 23, 2012 at 10:19 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Hi chris, 2012/1/23 Christopher Morrow morrowc.li...@gmail.com On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote:

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-23 Thread Yang Xiang
2012/1/24 John Kemp k...@network-services.uoregon.edu Minor correction there. If you are talking about our IX collectors (LINX, PAIX, EQIX Ashburn, SYDNEY, etc.) those are at exchanges and peering directly. The collectors at Univ of Oregon (rv,rv2,rv3,rv4, rv6), yeah, those are

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-22 Thread Christopher Morrow
On Fri, Jan 20, 2012 at 8:08 AM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: 2012/1/20 Arturo Servin aser...@lacnic.net while Argus can discover potential hijackings caused by anomalous AS path. Can you explain how? Only an imprecise detection. Section III.C in our

Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Arturo Servin
You could use RPKI and origin validation as well. We have an application that does that. http://www.labs.lacnic.net/rpkitools/looking_glass/ For example you can periodically check if your prefix is valid:

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Yang Xiang
RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. secondly, ROA can only secure the 'Origin AS' of a prefix, while Argus can discover potential hijackings caused by anomalous AS path. After ROA and BGPsec deployed in the

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Arturo Servin
On 20 Jan 2012, at 10:38, Yang Xiang wrote: RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. Or to sign your prefixes. secondly, ROA can only secure the 'Origin AS' of a prefix, That's true.

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Yang Xiang
2012/1/20 Arturo Servin aser...@lacnic.net On 20 Jan 2012, at 10:38, Yang Xiang wrote: RPKI is great. But, firstly, ROA doesn't cover all the prefixes now, we need an alternative service to alert hijackings. Or to sign your prefixes. Signing prefixes is the best way. Before

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Danny McPherson
On Jan 20, 2012, at 8:08 AM, Yang Xiang wrote: I think network operators are only careless, but not trust-less, so black-hole hijacking is the majority case. This is aligned with the discussion on route leaks at the proposed interim SIDR meeting just after NANOG. Even with RPKI and BGPSEC

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Alex Band
If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here: http://ripe.net/certification/tools-and-resources It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

2012-01-20 Thread Richard Barnes
BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated