From: WorkerBee (ciscobee@gmail.com)
Date: Sat Mar 01 2008 - 00:01:36 ARST
Joe, if you follow through the article
http://www.ripe.net/news/study-youtube-hijacking.html.
AS36561 (YouTube) is announcing 208.65.153.0/25 and 208.65.153.128/25
but less visible on the
Internet because there are some providers who do not have a proper
filtering to reject 0.0.0.0/0 ge 25.
In this case, AS3549 is accepting those /25 prefixes and propagating
out which is not suppose to do so.
Look at the graph under Since Sunday, 24 February 2008, 20:18 (UTC),
It is individual providers to make an effort not to accept and
propagate small prefixes (/25 - /32).
My guess is, YouTube engineers may try to steer the /24 prefix back by
thinking of generating
more specified /25 prefixes, hoping it will fix it. This will not work
for providers who comply to no smaller prefixes policy.
Isn't is an implicit understanding of all peerings not to send /25
prefixes out?
It takes 2 hands to clap to make things better or worst. :)
On Sat, Mar 1, 2008 at 8:13 AM, Joseph Brunner <joe@affirmedsystems.com> wrote:
> Scott, re "the youtube engineer's fix" from the ripe page of advertising 2
> /25's to be longer prefix matches then the /24 pakistan was hijacking-
>
> Don't most providers deny 0.0.0.0/0 ge 25
>
> Anyway?
>
> Who accepted a /25?
>
> Or all these years have I been fooled into thinking only
> 0.0.0.0/0 le 24 will work?
>
> Thanks,
>
> Joe
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>
>
> Scott Morris
> Sent: Friday, February 29, 2008 1:25 PM
> To: 'Shawn Zandi'; 'Cisco certification'
> Subject: RE: Youtube BGP/IP hijacked
>
> This is why filtering in BGP (in and out) is a good idea. But also a
> demonstration of lack-of-BGP skills on a global basis!
>
> Marketing opportunity? :)
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
> #153, JNCIS-ER, CISSP, et al.
> CCSI/JNCI-M/JNCI-ER
> VP - Technical Training - IPexpert, Inc.
> IPexpert Sr. Technical Instructor
>
> A Cisco Learning Partner - We Accept Learning Credits!
>
> smorris@ipexpert.com
>
>
>
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> http://www.ipexpert.com
>
>
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Shawn Zandi
> Sent: Friday, February 29, 2008 12:56 PM
> To: Cisco certification
> Subject: Youtube BGP/IP hijacked
>
> As you may be aware from recent news reports, traffic to the youtube.com
> website was 'hijacked' on a global scale on Sunday, 24 February 2008.
> The incident was a result of the unauthorized BGP announcement of the prefix
> 208.65.153.0/24 and caused the popular video sharing website to become
> unreachable from most, if not all, of the Internet.
> http://www.ripe.net/news/study-youtube-hijacking.html
>
> Shawn Zandi
> www.shafagh.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:51 ART