[AusNOG] google potential route hijacked.
Aftab Siddiqui
aftab.siddiqui at gmail.com
Tue Nov 13 15:33:49 EST 2018
Hi Binh,
Thanks for sharing this. The most likely issue is NO prefix filtering at
China Telecom end. Mainone (AS37282) leaked probably everything they
learned from IXPN (Lagos IXP) Route Server to its direct peer AS4809 (China
Telecom).
I have presented the status of BOGON announcements, Prefix Hijacks and BGP
Leaks in last 2 AusNOG events and have seen some improvements as well. BUT
there is so much to do.
> --- How to avoid?
>
> https://www.ausnog.net/sites/default/files/ausnog-2018/presentations/2.10.5_Binh_Lam_AusNOG2018_Lightning.pdf
>
> I highly recommended all of large ISP, ASP, Cloud Provider, or any
> critical infrastructure hosting..
> 1. clean up your route object. enable rpki for your route objects..
>
AU/NZ status of ROAs is close to ZERO.
> 2. review filter policy
>
Absolutly and probably automate it if you can
> 3. review routing policy.. > announce /24 to all upstreams, peers equally
> for your critical infrastructure!
>
Are you suggesting everyone should deaggregate and announce /24?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181113/d1d2d05b/attachment.html>
More information about the AusNOG
mailing list