On Thu, Aug 30, 2012 at 8:41 AM, William Herrin <b...@herrin.us> wrote:
> On Thu, Aug 30, 2012 at 7:54 AM, Anurag Bhatia <m...@anuragbhatia.com> wrote:
>> Is using /24 a must to protect (a bit) against route hijacking?
>
> Hi Anurag,
>
> Not only is it _not_ a must, it doesn't work and it impairs your
> ability to detect the fault.
>
> In a route hijacking scenario, traffic for a particular prefix will
> flow to the site with the shortest AS path from the origin. Your /24
> competes with their /24. Half the Internet, maybe more maybe less
> depending on how well connected each of you are, will be inaccessible
> to you.

Preventively there seems to be no utility to this.

Reactively, after a hijacking starts, has anyone tried announcing both
(say) /24s for the block and (say) 2x /25s for it as well, to get
more-specific under the hijacker? Yes, a lot of places will filter
and ignore, but those that don't ...

(Yes, sign your prefixes now, on general principles)

--
-george william herbert
george.herb...@gmail.com
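
Added example, not part of the original message: a simplified model of the two cases discussed above, a victim /24 competing with a hijacker's /24 on AS-path length, and the same contest after the victim also announces 2x /25. The prefix, AS numbers, router names and path lengths are constructed documentation values, and route selection is reduced to longest prefix match with AS-path length as the only tie-breaker.

```python
import ipaddress

VICTIM, HIJACKER = 64496, 64511  # documentation ASNs (RFC 5398), constructed


def announcements(with_more_specifics):
    """Return (prefix, origin) pairs visible in the constructed scenario."""
    block = ipaddress.ip_network("203.0.113.0/24")  # documentation prefix
    routes = [(block, VICTIM), (block, HIJACKER)]
    if with_more_specifics:
        # The reactive step from the message: victim adds both /25 halves.
        routes += [(half, VICTIM) for half in block.subnets(prefixlen_diff=1)]
    return routes


def best_origin(dest, routes, path_len, max_len=24):
    """Pick the origin AS a router forwards to for dest.

    path_len: origin AS -> AS-path length as seen from this router.
    max_len:  longest prefix the router accepts (24 models the usual filter).
    """
    addr = ipaddress.ip_address(dest)
    usable = [(p, o) for p, o in routes if p.prefixlen <= max_len and addr in p]
    if not usable:
        return None
    # Longest prefix wins; AS-path length only breaks ties at equal length.
    _, origin = max(usable, key=lambda r: (r[0].prefixlen, -path_len[r[1]]))
    return origin


def reach(routers, with_more_specifics, dest="203.0.113.10"):
    """Map router name -> origin AS that receives traffic for dest."""
    routes = announcements(with_more_specifics)
    return {name: best_origin(dest, routes, r["path_len"], r["max_len"])
            for name, r in routers.items()}


# Constructed vantage points: one near the victim, two near the hijacker.
ROUTERS = {
    "near_victim":        {"path_len": {VICTIM: 1, HIJACKER: 4}, "max_len": 24},
    "near_hijack_filter": {"path_len": {VICTIM: 4, HIJACKER: 1}, "max_len": 24},
    "near_hijack_open":   {"path_len": {VICTIM: 4, HIJACKER: 1}, "max_len": 32},
}

if __name__ == "__main__":
    for label, more_specifics in (("/24 vs /24", False), ("plus 2x /25", True)):
        print(label, reach(ROUTERS, more_specifics))
```

Only the vantage point that accepts prefixes longer than /24 changes its answer when the /25s appear; the filtering one near the hijacker is unaffected.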