[arin-ppml] prop266 - re-framing the discussion

Tom Samplonius tsamplonius at ubn.ca
Thu May 2 17:54:12 EDT 2019 

> On May 2, 2019, at 2:11 PM, Scott Leibrand <scottleibrand at gmail.com> wrote:
> 
> Do you have any reason to believe that ARIN getting involved in real-time notification of BGP hijacking, with or without firmly worded language and with or without an implied threat, will be any more effective than current methods of shutting down hijacks once they've started?  My impression is that nearly all hijacks are quickly filtered by transit providers once they're contacted by the legitimate holder of the addresses.
…


  Well, since transit providers universally use IRR, it is unlikely that hijacks even work, unless there are legacy ports where IRR was not implemented.

  http://peering.exposed/ has a list of IX that have secure route servers (secure meaning that they implement IRR).  It is a significant number, and it is increasing.

  The problem with this BGP hi-jack proposal, is the problem statement itself.  How many hijacks are happening in the ARIN region per month?  10?  100?  1000?  And why is IRR not the solution to hijacks, since it is widely (but not universally) implemented?  I suspect the number of hijacks in the ARIN region is basically zero, because even if IRR it not universal, it just takes a few larger networks to block the spread of hijacked routes.  And if hijackers can’t hijack globally, then why hijack at all?  All of the tier 1s that I talk to have moved from manually maintained prefix lists to fully automated IRR maintenance on customer edge ports.

  The Internet Society has created the MANRS initiative (https://www.manrs.org/ <https://www.manrs.org/>) to encourage all networks globally to implement route security (among other things), but strangely there hasn’t been a single mention of it in any of these threads.  MANRS is the best way to address hijacking, since it prevents hijacking from even happening (along with other bad things like spoofing).



--
Tom Samplonius
VP of Technology
Urban Communications Inc.
tsamplonius at ubn.ca



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20190502/206dc314/attachment.htm>

More information about the ARIN-PPML mailing list