Saku,
> In most cases upstream does not do any automatic prefix filter generation,
> it's maybe somewhat popular in mid-sized european shops but generally not too
> common.
What do you mean? In most cases upstreams do not filter prefixes at all?
> There is active on-going work to secure BGP and you may want to read up on
> 'RPKI' which is further along that track.
Thanks for mentioning this! Very interesting effort. I validated some
routes in LIR portal, verified that those are validated using RIPE
rpki-validator tool and a Juniper router connected to validator:
r...@lr1.ham1.de> show validation session detail
Session 195.13.63.18, State: up, Session index: 2
Group: eurotransit-testbed, Preference: 100
Local IPv4 address: 193.34.50.25, Port: 8282
Refresh time: 120s
Hold time: 180s
Record Life time: 3600s
Serial (Full Update): 559
Serial (Incremental Update): 559
Session flaps: 0
Session uptime: 00:11:35
Last PDU received: 00:00:27
IPv4 prefix count: 4921
IPv6 prefix count: 833
r...@lr1.ham1.de> show route protocol bgp 5.11.81.0
inet.0: 456407 destinations, 456408 routes (456407 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.11.81.0/24 *[BGP/170] 00:11:59, localpref 110, from 79.141.168.1
AS path: 33926 25577 43532 I, validation-state: valid
> to 193.34.50.1 via em0.0
RPKI-valid.inet.0: 11440 destinations, 11440 routes (11440 active, 0
holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.11.81.0/24 *[BGP/170] 00:11:11, localpref 110, from 79.141.168.1
AS path: 33926 25577 43532 I, validation-state: valid
> to 193.34.50.1 via em0.0
r...@lr1.ham1.de>
Massimiliano, Paul, Indra:
thanks for pointing out those interesting cases!
regards,
Martin
2013/8/8, Carlos Martinez-Cagnazzo <carlosm3...@gmail.com>:
> They do happen, but they get little publicity. People that I've talked to
> about this say, for reasons mostly unspecified, they'd rather not talk
> about it.
>
>
> On Wed, Aug 7, 2013 at 6:06 PM, Christopher Morrow
> <morrowc.li...@gmail.com>wrote:
>
>> On Wed, Aug 7, 2013 at 4:59 PM, Marsh Ray <ma...@microsoft.com> wrote:
>> >
>> > It would be incredibly useful for someone to start a page or a category
>> on Wikipedia "List of Internet Routing and DNS Incidents" that would
>> include both "accidental" and malicious events.
>> >
>>
>> do we really need that? they seem to occur often enough that that
>> isn't really required :(
>>
>>
>
>
> --
> --
> =========================
> Carlos M. Martinez-Cagnazzo
> h <http://cagnazzo.name>ttp://cagnazzo.me
> =========================
>
