North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: YouTube IP Hijacking

  • From: Arnd Vehling
  • Date: Tue Feb 26 08:27:36 2008

Randy Epstein wrote:
> My point was that even with a license, accidents still occur.

My point is that without a license more accidents will occur.

> Vendors currently do train their customers and certify them.  

A lot of companies dont send their personel to training lessons because
of the costs. The vendor primarily trains how to _implement_ a BGP
policy on their equipment and not neccessarily how to develop a good
peering and filter policy.

The "youtube ip hijacking" case _may_ be a result of route
redistribution from an internal routing protocol to BGP without any
route filters applied. Every decent BGP engineer knows that this is a
very bad idea.

> LIRs don't and
> cannot know all the gear out there and configurations from network to
> network vary.  

They dont need to. They could/should ensure that people running ASNs
have a good knowledge about how BGP works. Not how to _implement_ a BGP
policy on a vendor device. This truly is up to the vendors and ISPs.

> This doesn't stop route leaks, nor would this protect us from
> intentional mischief.  

True, but it will help reducing incidents which will have a huge impact
on the live and economy of a lot of people. The "youtube IP hijacking"
was only a minor nuisance in relation to what can happen if other
prefixes are "hijacked" or just leak due to clueless personal.

-- Arnd