When did this happen? I read reports at least once a month about stolen IP space by some fuckhead routing a smaller table and it being accepted upstream by incompetent/bribed providers.
Okay, there are two mechanisms: IRR and RPKI.
IRR is essentially a type of a "database system" provided by some companies, which basically say:
1.2.3.0/24 can be announced by AS1234
One of the most used IRR databases is RADB. The problem is that basically anyone who pays can insert entries. That doesn't mean the system is useless - it mostly works for basic customer<>ISP prefix validation (assuming the ISP is legitimate).
RPKI is not dissimilar, but the whole database thing is provided by RIR's. Which means they validate whether you own the IP space or not. Some large providers (including Tier 1's like NTT) started filtering prefixes with invalid RPKI in their core network, which means they don't check only prefixes of their customers, but EVERYTHING in their routing table.
This should prevent larger scale hijacks.
The problem is that not everyone has RPKI, or even IRR deployed. Lots of IP space is "unprotected".
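The check an RPKI-filtering network applies to each announcement, sketched as an added example (not part of the original posts) following the origin-validation logic of RFC 6811. The ROA entries, the `maxLength` values and the AS numbers other than AS1234 are constructed for illustration; a real validator gets its ROAs from the RIR repositories.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    """One validated authorization: prefix, longest allowed length, origin AS."""
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    max_length: int
    asn: int


def roa(prefix, max_length, asn):
    return ROA(ipaddress.ip_network(prefix), max_length, asn)


# Constructed sample data; the first entry mirrors the post's
# "1.2.3.0/24 can be announced by AS1234".
ROAS = [
    roa("1.2.3.0/24", 24, 1234),
    roa("10.0.0.0/16", 20, 64500),   # /16 that may be split down to /20
]


def validate(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for an announced route."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for r in roas:
        # A ROA is relevant only if its prefix covers the announced one.
        if net.version != r.prefix.version or not net.subnet_of(r.prefix):
            continue
        covered = True
        # A match needs the right origin AS and a length within maxLength.
        if r.asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid"
    # Covered but never matched: wrong origin or too specific.
    # Not covered at all: the "unprotected" space, which filters let through.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for pfx, asn in [("1.2.3.0/24", 1234), ("1.2.3.0/24", 64511),
                     ("1.2.3.0/25", 1234), ("192.0.2.0/24", 64500)]:
        print(f"{pfx} from AS{asn}: {validate(pfx, asn)}")
```

Only `invalid` routes are dropped by such a filter; `not-found` routes are still accepted, which is why space without ROAs stays exposed.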
Thank you so much for the detailed description!
I didn't realise you have a blog. Adding it to my RSS reader!
CloudFlare released a blog post as well. I would say it's more detailed and goes more into depth of the tech involved. But hey, I was first and it was supposed to be an ELI5
Thank you very much! While I don't post too often I certainly appreciate that.