[arin-ppml] [EXT] Re: Open Petition for ARIN-prop-266: BGP Hijacking is an ARIN Policy Violation
owen at delong.com
Tue May 7 22:44:09 EDT 2019
> On May 7, 2019, at 12:25 , Michel Py <michel at arneill-py.sacramento.ca.us> wrote:
> Hi Keith,
>> Keith W. Hare wrote :
>> I have not yet seen a complete clear consistent definition of BGP/Route
>> hijacking. Such a definition is a prerequisite to defining a meaningful policy.
> I agree.
> And in order to have that clear consistent definition of what hijacking is, we also have to define what it is not.
> Included, but not limited to :
Let me take a stab…
BGP Hijacking is the BGP origination of a prefix by someone other than the RIR registrant (if any) who does so without
the express permission of the registrant or beyond the term of such permission by registrant.
> - Squatting.
> - Loitering.
I’m not sure I agree that these are not hijacking.
> - Some forms of DDOS mitigation.
> - Leasing (same as DDOS mitigation, it's technically hijacking with permission).
Presumably these involve permission of the registrant and are therefore
> - Traffic Engineering.
> - Traffic Shaping.
Presumably these do not involve BGP origination of the prefix in question except in the case of TE by the prefix owner.
> - Interception (lawful and not).
Well, I can see how we might say that lawful intercept is not hijacking (I’m not sure I agree 100%), but how would non-lawful
intercept through route origination be classified as not hijacking?
> - ASN impersonation.
> - ASN usurpation.
I agree that these in and of themselves are not hijacking, but, using said impersonated or usurped ASN as a prepend or
on a route originated as defined above would, IMHO, still be a form of hijacking. (The ASN use itself isn’t, but the origination
of the route is still hijacking).
> - AS-PATH manipulations.
Agreed, except in the case where the announcement resulting still meets the origination test defined above.
> - The relation between MPLS and BGP.
> - VRFs.
In the cases where these activities fail the above test, I would agree. In the cases where they meet the above test, I would
argue that they still constitute hijacking.
>> To me, ARIN’s current practice is a good way of responding to BGP/Route hijacking reports.
>> It includes the flexibility, investigation, and communication necessary to identify and
>> correct issues. The current practice works by using communication and persuasion. It has
>> the advantage that the details are not codified in policy and so can adjust depending on
>> the actual details and intent discovered during the investigation.
> I trust that ARIN's staff has the necessary training, experience, background, and technical expertise for such practice.
> Which unfortunately I can't say the same about some of the participants in the recent debate.
> I welcome questions, and I hope ARIN will continue to weigh correctly the assertions of people who have never configured BGP on a production network.
More information about the ARIN-PPML