Friday, November 2, 2012

Protect your announced IP prefix on the Internet

Many companies that provide services which depend on the Internet have their own IP prefixes. They announce these prefixes to the Internet using the BGP protocol and their AS numbers.

Because of how BGP works, it is possible to break the path to your servers if somebody else announces the same prefix as you. This is a really big problem because your business is at risk. Communication is problematic and takes a lot of time. Normally, providers and peers should have configured rules, filters and other types of security to prevent this.

Using filters isn't mandatory, so it can happen, and it has happened many times.

The question is: what should you do to avoid this situation?



The RIPE NCC has introduced a mechanism which can help you with this. It's called Resource Certification (RPKI). You create new records in the RIPE database in which you specify your resources: AS numbers, IP prefixes and prefix size limits. These records are called ROAs, and they are signed by the LIR certificate, which is in turn signed by the RIR Certification Authority.

Core routers on the Internet check advertised routes and compare them with the ROAs in the database (if any exist). If a route doesn't match a signed ROA record, it is ignored.

Of course, you must still find out who is advertising the bad routes and communicate with them. But your business is not shut down globally.
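The comparison between an announced route and the ROAs can be sketched as follows. This is an added example, not code from the original post; it follows the valid / invalid / not-found outcomes of BGP origin validation (RFC 6811), and the ROAs, prefixes and AS numbers are constructed sample values from the documentation ranges.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix the resource holder authorised
    max_length: int  # "prefix size limit": longest prefix length allowed
    origin_as: int   # AS number allowed to originate the prefix


# Constructed sample ROAs (documentation prefixes and AS numbers).
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
]


def validate(route: str, origin_as: int, roas=ROAS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # Only ROAs whose prefix covers the announced route are relevant.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the right origin AS and a prefix length within
        # the limit; a ROA for AS 0 never authorises any announcement.
        if (roa.origin_as != 0
                and origin_as == roa.origin_as
                and net.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    # No covering ROA at all: the holder published nothing to check against.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for route, asn in [
        ("192.0.2.0/24", 64496),    # legitimate announcement
        ("192.0.2.0/24", 64511),    # same prefix, different origin AS
        ("192.0.2.128/25", 64496),  # more specific than the size limit
        ("203.0.113.0/24", 64500),  # no ROA exists for this prefix
    ]:
        print(route, asn, validate(route, asn))
```

Only the "invalid" result corresponds to a route that is ignored; "not-found" is the "(if any exist)" case where there is no ROA to compare against.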
