Thanks for your answer. I think that you are referring to what Pakinstani
ISP did wrong. I am interested how You Tube reacted to the problem.
As axplained in RIPEs case study Pakistani ISP started advertising
208.65.153.0/24.
To fix the problem YouTube started announcing 208.65.153.0/25 and
208.65.153.128/25, Because of the longest match rule the /25 are preferred
over /24 and routers that received 2 x /25 routes sent traffic to YouTube.
My question is how can you quickly advertise 2 smaller subnets, in this case
2 x /25 instead of one /24 ? I can only suppose that 208.65.153.0/24 is
redistributed from an IGP where servers reside. How can you then take a /24
route from for example OSPF and adverise it via BGP as two /25 routes ?
RIPE case study is here:
http://www.ripe.net/internet-coordination/news/industry-developments/youtube-hijacking-a-ripe-ncc-ris-case-study
On Tue, Jun 28, 2011 at 5:36 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> They were trying to Null route it. All you have to do is say:
>
> 208.65.153.128 255.255.255.128 null0
> 208.65.153.0 255.255.255.128 null0
> !
> router bgp 1
> network 208.65.153.128 mask 255.255.255.128
> network 208.65.153.0 mask 255.255.255.128
>
> Blackholes like this are support to be community no-export, but they
> screwed up their config and they leaked the advertisements to their EBGP
> peers.
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
Blogs and organic groups at http://www.ccie.net
Received on Wed Jun 29 2011 - 11:05:40 ART
This archive was generated by hypermail 2.2.0 : Fri Jul 01 2011 - 06:24:28 ART