In message <alpine.LRH.2.21.1903311120210.29965@gauntlet.corp.fccn.pt>, Carlos Friaças via anti-abuse-wg <anti-abuse-wg@ripe.net> writes
On Sat, 23 Mar 2019, Lu Heng wrote:
(...)
And for the record, it?s in my short term interest to have that policy as we do suffer from time to time hijackings, and I made presentation in this working group how more half million of our IP get hijacked for half a year.
Lu Heng can of course reply, but I have some familiarity with this particular episode
1) The hijackings you mentioned also affect your customers, right?
I do not believe they did, not all announced space is in use
2) Do you or your customers report these hijackings (and their impact) to somebody?
The hijacks only came to light due to feedback about spam sending, where it turned out to be impossible to identify anyone using the IPs that were sending the spam. In that sense the reporting was the other way.
3) Is it in your customers' best interest to do nothing?
I think it's presumptuous to assume that nothing was done. Once it was understood what was occurring (which took rather longer than I think it would today) the matter was dealt with and the hijacks ceased
4) Is it in your customers' best interest to "protect" the lack of rules about hijacking at registry level?
Rules do not prevent hijacks -- detection and mitigation do
As i understand it, if someone provides the RIR with falsified data
there was no falsified data provided to an RIR in this case
, they expose themselves to have a LIR closure (i.e. RIPE-716). Imho, having this rule in place is protecting the RIR's long term stability -- the point about 2019-03 is that someone doing persistent intentional hijacks should be subject to the same "risk".
I have already pointed you towards IXPs once ... that's where this example was dealt with.
I understand your point about partial visibility. With 2019-03 in place, i think the incentive for anyone to share their routing view will increase, as a way of protection -- i see it as "community protection".
this is a new point presented without any evidence whatsoever (albeit I do agree that having more sensors would improve the detection of some hijacking events). The content of routing tables are often not shared publicly for reasons of perceived commercial confidentiality -- you should elaborate why that shyness would be changed by the proposed policy (especially given the claims made that hijacking is already easy to understand with the existing sensor network). -- richard Richard Clayton Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755