North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: RIPE NCC publishes case study of hijack

  • From: David Ulevitch
  • Date: Fri Feb 29 09:58:36 2008

The report states:

Sunday, 24 February 2008, 20:07 (UTC): AS36561 (YouTube) starts announcing With two identical prefixes in the routing system, BGP policy rules, such as preferring the shortest AS path, determine which route is chosen. This means that AS17557 (Pakistan Telecom) continues to attract some of YouTube's traffic.

It's worth noting that from where I sit, it appears as though none of Youtube's transit providers accepted this announcement. Only their peers.

The point is -- Restrictive customer filtering can also bite you in the butt. Trying to require your providers to do a "ge 19 le 25" (or whatever your largest supernet is), rather than filters for specific prefix sizes seems a worthwhile endeavor so you can de-aggregate on the fly, as necessary.


Tom Quilling wrote:
for those interested in the matter

Dear Colleagues,

    As you may be aware from recent news reports, traffic to the website was 'hijacked' on a global scale on Sunday, 24
    February 2008. The incident was a result of the unauthorised
    announcement of the prefix and caused the popular
    video sharing website to become unreachable from most, if not all,
    of the Internet.

    The RIPE NCC conducted an analysis into how this incident was seen
    and tracked by the RIPE NCC's Routing Information Service (RIS) and
    has published a case study at:

    The RIPE NCC RIS is a service that collects Border Gateway Protocol
    (BGP) routing information from roughly 600 peers at 16 Internet
    Exchange Points (IXPs) across the world. Data is stored in near
    real-time and can be instantly queried by anyone to provide multiple
    views of routing activity for any point in time.

    The RIS forms part of the RIPE NCC's suite of Information Services,
    which together provide a deeper insight into the workings of the
    Internet. The RIPE NCC is a neutral and impartial organisation, and
    commercial interests therefore do not influence the data collected.

    The RIPE NCC Information Services suite also includes the Test
    Traffic Measurement (TTM) service, the DNS Monitoring (DNSMON)
    service and Hostcount. All of these services are available to
    anyone, and most of them are offered free of charge.

    More information about RIPE NCC Information Services can be found at:

    Daniel Karrenberg
    Chief Scientist, RIPE NCC