On Jan 27, 2006, at 11:39 AM, Joe Abley wrote:
On 27-Jan-2006, at 11:12, [EMAIL PROTECTED] wrote:
but by definition, the right-most entry is the prefix origin...
Suppose AS 9327 decides to originate 198.32.6.0/24, but prepends
4555 to the AS_PATH as it does so. Suppose 9327's uses a transit
provider which builds prefix filters from the IRR, and the "as9327"
aut-num object is modified to include policy which suggests 9327
provides transit for 4555. Suppose this is not actually the case,
though, and in fact 9327 is a rogue AS which is trying to capture
4555's traffic.
The rest of the world sees a prefix with an AS_PATH attribute which
ends with "9327 4555".
In this case, from the point of view of those trying to discern
legitimacy of advertisements, what is the origin of the prefix? Is
it 4555, or 9327?
Is it possible to tell, from just the right-most entry in the
AS_PATH attribute?
Suggested solutions do not have to solve every possible problem.
Knowing the "correct" origin will stop accidental announcements, like
the one under discussion in this thread.
And, I suspect, most problems we see today of this sort. We are not
(yet) to the point where maliciously originated prefixes are as big a
problem as accidentally originated prefixes.
--
TTFN,
patrick