Kitz Forum
Announcements => News Articles => Topic started by: jelv on April 21, 2020, 09:58:24 AM
-
https://www.ispreview.co.uk/index.php/2020/04/cloudflare-ignite-consumer-isp-confusion-with-bgp-safety-test.html
Over the past few days we’ve had a small but growing stream of Tweets and Emails from people who have run Cloudflare’s new ‘Is BGP Safe Yet (https://isbgpsafeyet.com/)‘ tool and are worried that their UK broadband ISP is “unsafe” because it uses the Border Gateway Protocol (BGP) and not RPKI. Aside from poor timing with COVID-19, the result can be misleading.
-
AAISP
(https://forum.kitz.co.uk/index.php?action=dlattach;topic=24654.0;attach=28531;image)
-
AAISP cheat the test.
From the comments section
Yeah, AAISP have hacked the Cloudflare test by manually dropping the invalid prefix Cloudflare announce on their routers.
AAISP’s MD has stated on Twitter that they are looking to develop in RPKI in their core routers, but as yet, they don’t support this.
It’s all an interesting debate!
However, until such time that the entire world – both ISPs on on-side, and the content providers on the other all support RPKI, set ROAs/route objects in a RIR, then there will still be glaring gaps in RPKI being effective at stopping prefix hijacking, (and until the next weakness is found)!
-
interesting john i only read yesterday on revk blog about how they are been secure on bgp, when im back on pc ill link it, not sure if it was this specific feature though.
-
https://www.revk.uk/2020/04/bgp.html
-
Yep that's the post, thanks, having another read of it though, he didn't say its been deployed, just that its in the works.
-
https://www.revk.uk/2020/04/bgp.html
Confirms what I said above, not yet deployed.
They simply cheat the test by dropping the invalid prefix.
Virgin do the same.