draft-ietf-grow-route-leak-problem-definition-01.txt   draft-ietf-grow-route-leak-problem-definition-02.txt 
Global Routing Operations K. Sriram Global Routing Operations K. Sriram
Internet-Draft D. Montgomery Internet-Draft D. Montgomery
Intended status: Informational US NIST Intended status: Informational US NIST
Expires: September 10, 2015 D. McPherson Expires: January 6, 2016 D. McPherson
E. Osterweil E. Osterweil
Verisign, Inc. Verisign, Inc.
March 9, 2015 B. Dickson
Twitter, Inc.
July 5, 2015
Problem Definition and Classification of BGP Route Leaks Problem Definition and Classification of BGP Route Leaks
draft-ietf-grow-route-leak-problem-definition-01 draft-ietf-grow-route-leak-problem-definition-02
Abstract Abstract
A systemic vulnerability of the Border Gateway Protocol routing A systemic vulnerability of the Border Gateway Protocol routing
system, known as 'route leaks', has received significant attention in system, known as 'route leaks', has received significant attention in
recent years. Frequent incidents that result in significant recent years. Frequent incidents that result in significant
disruptions to Internet routing are labeled "route leaks", but to disruptions to Internet routing are labeled "route leaks", but to
date we have lacked a common definition of the term. In this date we have lacked a common definition of the term. In this
document, we provide a working definition of route leaks, keeping in document, we provide a working definition of route leaks, keeping in
mind the real occurrences that have received significant attention. mind the real occurrences that have received significant attention.
skipping to change at page 1, line 44 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 10, 2015. This Internet-Draft will expire on January 6, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 25 skipping to change at page 2, line 25
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Working Definition of Route Leaks . . . . . . . . . . . . . . 3 2. Working Definition of Route Leaks . . . . . . . . . . . . . . 3
3. Classification of Route Leaks Based on Documented Events . . 3 3. Classification of Route Leaks Based on Documented Events . . 3
4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 7
8. Informative References . . . . . . . . . . . . . . . . . . . 7 8. Informative References . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 10
1. Introduction 1. Introduction
Frequent incidents [Huston2012][Cowie2013][Cowie2010][Madory][Zmijews Frequent incidents [Huston2012][Cowie2013][Toonk2015-A][Toonk2015-B][
ki][Paseka][LRL][Khare] that result in significant disruptions to Cowie2010][Madory][Zmijewski][Paseka][LRL][Khare] that result in
Internet routing are commonly called "route leaks". Examination of significant disruptions to Internet routing are commonly called
the details of some of these incidents reveals that they vary in "route leaks". Examination of the details of some of these incidents
their form and technical details. Before we can discuss solutions to reveals that they vary in their form and technical details. Before
"the route leak problem" we need a clear, technical definition of the we can discuss solutions to "the route leak problem" we need a clear,
problem and its most common forms. In Section 2, we provide a technical definition of the problem and its most common forms. In
working definition of route leaks, keeping in view many recent Section 2, we provide a working definition of route leaks, keeping in
incidents that have received significant attention. Further, in view many recent incidents that have received significant attention.
Section 3, we attempt to enumerate (though not exhaustively) Further, in Section 3, we attempt to enumerate (though not
different types of route leaks based on observed events on the exhaustively) different types of route leaks based on observed events
Internet. We aim to provide a taxonomy that covers several forms of on the Internet. We aim to provide a taxonomy that covers several
route leaks that have been observed and are of concern to Internet forms of route leaks that have been observed and are of concern to
user community as well as the network operator community. Internet user community as well as the network operator community.
This document builds on and extends earlier work in the IETF by
Dickson [draft-dickson-sidr-route-leak-def][draft-dickson-sidr-route-
leak-reqts].
2. Working Definition of Route Leaks 2. Working Definition of Route Leaks
A proposed working definition of route leak is as follows: A proposed working definition of route leak is as follows:
A "route leak" is the propagation of routing announcement(s) beyond A "route leak" is the propagation of routing announcement(s) beyond
their intended scope. That is, an AS's announcement of a learned BGP their intended scope. That is, an AS's announcement of a learned BGP
route to another AS is in violation of the intended policies of the route to another AS is in violation of the intended policies of the
receiver, the sender and/or one of the ASes along the preceding AS receiver, the sender and/or one of the ASes along the preceding AS
path. The intended scope is usually defined by a set of local path. The intended scope is usually defined by a set of local
skipping to change at page 3, line 36 skipping to change at page 3, line 36
The above definition is not intended to be all encompassing. The above definition is not intended to be all encompassing.
Perceptions vary widely about what constitutes a route leak. Our aim Perceptions vary widely about what constitutes a route leak. Our aim
here is to have a working definition that fits enough observed here is to have a working definition that fits enough observed
incidents so that the IETF community has a basis for starting to work incidents so that the IETF community has a basis for starting to work
on route leak mitigation methods. on route leak mitigation methods.
3. Classification of Route Leaks Based on Documented Events 3. Classification of Route Leaks Based on Documented Events
As illustrated in Figure 1, a common form of route leak occurs when a As illustrated in Figure 1, a common form of route leak occurs when a
multi-homed customer AS (such as AS1 in Figure 1) learns a prefix multi-homed customer AS (such as AS3 in Figure 1) learns a prefix
update from one provider (ISP1) and leaks the update to another update from one provider (ISP1) and leaks the update to another
provider (ISP2) in violation of intended routing policies, and provider (ISP2) in violation of intended routing policies, and
further the second provider does not detect the leak and propagates further the second provider does not detect the leak and propagates
the leaked update to its customers, peers, and transit ISPs. the leaked update to its customers, peers, and transit ISPs.
/\ /\ /\ /\
\ route-leak(P)/ \ route-leak(P)/
\ propagated / \ propagated /
\ / \ /
+------------+ peer +------------+ +------------+ peer +------------+
______| ISP1 (AS2) |----------->| ISP2 (AS3)|----------> ______| ISP1 (AS1) |----------->| ISP2 (AS2)|---------->
/ ------------+ prefix(P) +------------+ route-leak(P) / ------------+ prefix(P) +------------+ route-leak(P)
| prefix | \ update /\ \ propagated | prefix | \ update /\ \ propagated
\ (P) / \ / \ \ (P) / \ / \
------- prefix(P) \ / \ ------- prefix(P) \ / \
update \ / \ update \ / \
\ /route-leak(P) \/ \ /route-leak(P) \/
\/ / \/ /
+---------------+ +---------------+
| customer(AS1) | | customer(AS3) |
+---------------+ +---------------+
Figure 1: Illustration of the basic notion of a route leak. Figure 1: Illustration of the basic notion of a route leak.
We propose the following taxonomy for classification of route leaks We propose the following taxonomy for classification of route leaks
aiming to cover several types of recently observed route leaks, while aiming to cover several types of recently observed route leaks, while
acknowledging that the list is not meant to be exhaustive. In what acknowledging that the list is not meant to be exhaustive. In what
follows, we refer to the AS that announces a route that is in follows, we refer to the AS that announces a route that is in
violation of the intended policies as the "offending AS". violation of the intended policies as the "offending AS".
skipping to change at page 4, line 46 skipping to change at page 4, line 46
accidental (i.e. not malicious). The update basically makes a accidental (i.e. not malicious). The update basically makes a
U-turn at the attacker's multi-homed AS. The attack (accidental U-turn at the attacker's multi-homed AS. The attack (accidental
or deliberate) often succeeds because the second ISP prefers or deliberate) often succeeds because the second ISP prefers
customer announcement over peer announcement of the same prefix. customer announcement over peer announcement of the same prefix.
Data packets would reach the legitimate destination albeit via the Data packets would reach the legitimate destination albeit via the
offending AS, unless they are dropped at the offending AS due to offending AS, unless they are dropped at the offending AS due to
its inability to handle resulting large volumes of traffic. its inability to handle resulting large volumes of traffic.
* Example incidents: Examples of Type 1 route-leak incidents are * Example incidents: Examples of Type 1 route-leak incidents are
(1) the Dodo-Telstra incident in March 2012 [Huston2012], (2) (1) the Dodo-Telstra incident in March 2012 [Huston2012], (2)
the Moratel-PCCW leak of Google prefixes in November 2012 the Moratel-PCCW route leak of Google prefixes in November 2012
[Paseka], and (3) the VolumeDrive-Atrato incident in September [Paseka], (3) the VolumeDrive-Atrato incident in September 2014
2014 [Madory]. [Madory], (4) the Hathway-Airtel route leak of 336 Google
prefixes causing widespread interruption of Google services in
Europe and Asia [Toonk2015-A], and (5) the massive Telekom
Malaysia route-leaks of about 179,000 prefixes, which in turn
Level3 accepted and propagated [Toonk2015-B].
o Type 2 "U-Turn with More Specific Prefix": A multi-homed AS learns o Type 2 "U-Turn with More Specific Prefix": A multi-homed AS learns
a prefix route from one upstream ISP and announces a sub-prefix a prefix route from one upstream ISP and announces a sub-prefix
(subsumed in the prefix) to another upstream ISP. The AS path in (subsumed in the prefix) to another upstream ISP. The AS path in
the update is not altered. Update is crafted by the attacker to the update is not altered. Update is crafted by the attacker to
have a subprefix to maximize the success of the attack while have a subprefix to maximize the success of the attack while
reverse path is kept open by the path poisoning techniques as in reverse path is kept open by the path poisoning techniques as in
[Kapela-Pilosov]. Data packets reach the legitimate destination [Kapela-Pilosov]. Data packets reach the legitimate destination
albeit via the offending AS. albeit via the offending AS.
* Example incidents: An example of Type 2 route-leak incident is * Example incidents: One example is the demo performed at
the demo performed at DEFCON-16 in August 2008 DEFCON-16 in August 2008 [Kapela-Pilosov]. Another example is
[Kapela-Pilosov]. An attacker who deliberately performs a Type the earlier-mentioned incident of route leaks from Telekom
1 route leak (with full prefix) can just as easily perform a Malaysia via Level3, in which out of about 179,000 total route-
Type 2 route leak (with subprefix) to achieve a greater impact. leaked prefixes, about 10,000 were more specifics of previously
announced aggregates [Toonk2015-B]. [Note: An attacker who
deliberately performs a Type 1 route leak (with full prefix)
can just as easily perform a Type 2 route leak (with subprefix)
to achieve a greater impact.]
o Type 3 "Prefix Hijack with Data Path to Legitimate Origin": A o Type 3 "Prefix Mis-Origination with Data Path to Legitimate
multi-homed AS learns a prefix route from one upstream ISP and Origin": A multi-homed AS learns a prefix route from one upstream
announces the prefix to another upstream ISP as if it is being ISP and announces the prefix to another upstream ISP as if it is
originated by it (i.e. strips the received AS path, and re- being originated by it (i.e. strips the received AS path, and re-
originates the prefix). This amounts to straightforward originates the prefix). This amounts to mis-origination or
hijacking. However, somehow (not attributable to the use of path hijacking. However, somehow (not attributable to the use of path
poisoning trick by the attacker) a reverse path is present, and poisoning trick by the attacker) a reverse path is present, and
data packets reach the legitimate destination albeit via the data packets reach the legitimate destination albeit via the
offending AS. But sometimes the reverse path may not be there, offending AS. But sometimes the reverse path may not be there,
and data packets get dropped following receipt by the offending and data packets get dropped following receipt by the offending
AS. AS.
* Example incidents: Examples of Type 3 route leak include (1) * Example incidents: Examples of Type 3 route leak include (1)
the China Telecom incident in April 2010 the China Telecom incident in April 2010
[Hiran][Cowie2010][Labovitz], (2) the Belarusian GlobalOneBel [Hiran][Cowie2010][Labovitz], (2) the Belarusian GlobalOneBel
skipping to change at page 6, line 5 skipping to change at page 6, line 14
leaked announcements are due to some transient failures within the leaked announcements are due to some transient failures within the
AS; they are short-lived, and typically withdrawn quickly AS; they are short-lived, and typically withdrawn quickly
following the announcements. following the announcements.
* Example incidents: Leaks of internal prefix-routes occur * Example incidents: Leaks of internal prefix-routes occur
frequently (e.g. multiple times in a week), and the number of frequently (e.g. multiple times in a week), and the number of
prefixes leaked range from hundreds to thousands per incident. prefixes leaked range from hundreds to thousands per incident.
One highly conspicuous and widely disruptive leak of internal One highly conspicuous and widely disruptive leak of internal
prefixes happened recently in August 2014 when AS701 and AS705 prefixes happened recently in August 2014 when AS701 and AS705
leaked about 22,000 more specifics of already announced leaked about 22,000 more specifics of already announced
aggregates [Huston2014][Toonk]. aggregates [Huston2014][Toonk2014].
o Type 5 "Lateral ISP-ISP-ISP Leak": This type of route leak o Type 5 "Lateral ISP-ISP-ISP Leak": This type of route leak
typically occurs when, for example, three sequential ISP peers typically occurs when, for example, three sequential ISP peers
(e.g. ISP-A, ISP-B and ISP-C) are involved, and ISP-B receives a (e.g. ISP-A, ISP-B and ISP-C) are involved, and ISP-B receives a
prefix-route from ISP-A and in turn leaks it to ISP-C. The prefix-route from ISP-A and in turn leaks it to ISP-C. The
typical routing policy between laterally (i.e. non-hierarchically) typical routing policy between laterally (i.e. non-hierarchically)
peering ISPs is that they should only propagate to each other peering ISPs is that they should only propagate to each other
their respective customer prefixes. their respective customer prefixes.
* Example incidents: In [Mauch-nanog][Mauch], route leaks of this * Example incidents: In [Mauch-nanog][Mauch], route leaks of this
skipping to change at page 7, line 18 skipping to change at page 7, line 27
No security considerations apply since this is a problem definition No security considerations apply since this is a problem definition
document. document.
6. IANA Considerations 6. IANA Considerations
No updates to the registries are suggested by this document. No updates to the registries are suggested by this document.
7. Acknowledgements 7. Acknowledgements
The authors wish to thank Danny McPherson and Eric Osterweil for The authors wish to thank Jared Mauch, Jeff Haas, Warren Kumari,
discussions related to this work. Also, thanks are due to Jared Amogh Dhamdhere, Jakob Heitz, Geoff Huston, Randy Bush, Ruediger
Mauch, Jeff Haas, Warren Kumari, Brian Dickson, Amogh Dhamdhere, Volk, Andrei Robachevsky, Chris Morrow, and Sandy Murphy for
Jakob Heitz, Geoff Huston, Randy Bush, Ruediger Volk, Andrei comments, suggestions, and critique. The authors are also thankful
Robachevsky, Chris Morrow, and Sandy Murphy for comments, to Padma Krishnaswamy, Oliver Borchert, and Okhee Kim for their
suggestions, and critique. The authors are also thankful to Padma comments and review.
Krishnaswamy, Oliver Borchert, and Okhee Kim for their comments and
review.
8. Informative References 8. Informative References
[Cowie2010] [Cowie2010]
Cowie, J., "China's 18 Minute Mystery", Dyn Research/ Cowie, J., "China's 18 Minute Mystery", Dyn Research/
Renesys Blog, November 2010, Renesys Blog, November 2010,
<http://research.dyn.com/2010/11/ <http://research.dyn.com/2010/11/
chinas-18-minute-mystery/>. chinas-18-minute-mystery/>.
[Cowie2013] [Cowie2013]
Cowie, J., "The New Threat: Targeted Internet Traffic Cowie, J., "The New Threat: Targeted Internet Traffic
Misdirection", Dyn Research/Renesys Blog, November 2013, Misdirection", Dyn Research/Renesys Blog, November 2013,
<http://research.dyn.com/2013/11/ <http://research.dyn.com/2013/11/
mitm-internet-hijacking/>. mitm-internet-hijacking/>.
[draft-dickson-sidr-route-leak-def]
Dickson, B., "Route Leaks -- Definitions", IETF Internet
Draft (expired), October 2012,
<https://tools.ietf.org/html/draft-dickson-sidr-route-
leak-def-03>.
[draft-dickson-sidr-route-leak-reqts]
Dickson, B., "Route Leaks -- Requirements for Detection
and Prevention thereof", IETF Internet Draft (expired),
March 2012, <http://tools.ietf.org/html/
draft-dickson-sidr-route-leak-reqts-02>.
[Gao] Gao, L. and J. Rexford, "Stable Internet routing without [Gao] Gao, L. and J. Rexford, "Stable Internet routing without
global coordination", IEEE/ACM Transactions on Networking, global coordination", IEEE/ACM Transactions on Networking,
December 2001, <http://www.cs.princeton.edu/~jrex/papers/ December 2001, <http://www.cs.princeton.edu/~jrex/papers/
sigmetrics00.long.pdf>. sigmetrics00.long.pdf>.
[Gill] Gill, P., Schapira, M., and S. Goldberg, "A Survey of [Gill] Gill, P., Schapira, M., and S. Goldberg, "A Survey of
Interdomain Routing Policies", ACM SIGCOMM Computer Interdomain Routing Policies", ACM SIGCOMM Computer
Communication Review, January 2014, Communication Review, January 2014,
<https://www.cs.bu.edu/~goldbe/papers/survey.pdf>. <https://www.cs.bu.edu/~goldbe/papers/survey.pdf>.
skipping to change at page 8, line 37 skipping to change at page 9, line 10
Internet-Scale Man in the Middle Attack", DEFCON-16 Las Internet-Scale Man in the Middle Attack", DEFCON-16 Las
Vegas, NV, USA, August 2008, Vegas, NV, USA, August 2008,
<https://www.defcon.org/images/defcon-16/dc16- <https://www.defcon.org/images/defcon-16/dc16-
presentations/defcon-16-pilosov-kapela.pdf/>. presentations/defcon-16-pilosov-kapela.pdf/>.
[Khare] Khare, V., Ju, Q., and B. Zhang, "Concurrent Prefix [Khare] Khare, V., Ju, Q., and B. Zhang, "Concurrent Prefix
Hijacks: Occurrence and Impacts", IMC 2012, Boston, MA, Hijacks: Occurrence and Impacts", IMC 2012, Boston, MA,
November 2012, <http://www.cs.arizona.edu/~bzhang/ November 2012, <http://www.cs.arizona.edu/~bzhang/
paper/12-imc-hijack.pdf/>. paper/12-imc-hijack.pdf/>.
[LRL] Khare, V., Ju, Q., and B. Zhang, "Large Route Leaks",
Project web page, 2012,
<http://nrl.cs.arizona.edu/projects/
lsrl-events-from-2003-to-2009/>.
[Labovitz] [Labovitz]
Labovitz, C., "Additional Discussion of the April China Labovitz, C., "Additional Discussion of the April China
BGP Hijack Inciden", Arbor Networks IT Security Blog, BGP Hijack Incident", Arbor Networks IT Security Blog,
November 2010, November 2010,
<http://www.arbornetworks.com/asert/2010/11/additional- <http://www.arbornetworks.com/asert/2010/11/additional-
discussion-of-the-april-china-bgp-hijack-incident/>. discussion-of-the-april-china-bgp-hijack-incident/>.
[LRL] Khare, V., Ju, Q., and B. Zhang, "Large Route Leaks",
Project web page, 2012,
<http://nrl.cs.arizona.edu/projects/
lsrl-events-from-2003-to-2009/>.
[Luckie] Luckie, M., Huffaker, B., Dhamdhere, A., Giotsas, V., and [Luckie] Luckie, M., Huffaker, B., Dhamdhere, A., Giotsas, V., and
kc. claffy, "AS Relationships, Customer Cones, and kc. claffy, "AS Relationships, Customer Cones, and
Validation", IMC 2013, October 2013, Validation", IMC 2013, October 2013,
<http://www.caida.org/~amogh/papers/asrank-IMC13.pdf>. <http://www.caida.org/~amogh/papers/asrank-IMC13.pdf>.
[Madory] Madory, D., "Why Far-Flung Parts of the Internet Broke [Madory] Madory, D., "Why Far-Flung Parts of the Internet Broke
Today", Dyn Research/Renesys Blog, September 2014, Today", Dyn Research/Renesys Blog, September 2014,
<http://research.dyn.com/2014/09/ <http://research.dyn.com/2014/09/
why-the-internet-broke-today/>. why-the-internet-broke-today/>.
skipping to change at page 9, line 25 skipping to change at page 9, line 47
Mauch, J., "Detecting Routing Leaks by Counting", NANOG-41 Mauch, J., "Detecting Routing Leaks by Counting", NANOG-41
Albuquerque, NM, USA, October 2007, Albuquerque, NM, USA, October 2007,
<https://www.nanog.org/meetings/nanog41/presentations/ <https://www.nanog.org/meetings/nanog41/presentations/
mauch-lightning.pdf/>. mauch-lightning.pdf/>.
[Paseka] Paseka, T., "Why Google Went Offline Today and a Bit about [Paseka] Paseka, T., "Why Google Went Offline Today and a Bit about
How the Internet Works", CloudFare Blog, November 2012, How the Internet Works", CloudFare Blog, November 2012,
<http://blog.cloudflare.com/ <http://blog.cloudflare.com/
why-google-went-offline-today-and-a-bit-about/>. why-google-went-offline-today-and-a-bit-about/>.
[Toonk] Toonk, A., "What Caused Today's Internet Hiccup", August [Toonk2014]
Toonk, A., "What caused today's Internet hiccup", August
2014, <http://www.bgpmon.net/ 2014, <http://www.bgpmon.net/
what-caused-todays-internet-hiccup/>. what-caused-todays-internet-hiccup/>.
[Toonk2015-A]
Toonk, A., "What caused the Google service interruption",
March 2015, <http://www.bgpmon.net/
what-caused-the-google-service-interruption/>.
[Toonk2015-B]
Toonk, A., "Massive route leak causes Internet slowdown",
June 2015, <http://www.bgpmon.net/
massive-route-leak-cause-internet-slowdown/>.
[Wijchers] [Wijchers]
Wijchers, B. and B. Overeinder, "Quantitative Analysis of Wijchers, B. and B. Overeinder, "Quantitative Analysis of
BGP Route Leaks", RIPE-69, November 2014, BGP Route Leaks", RIPE-69, November 2014,
<https://ripe69.ripe.net/presentations/157-RIPE-69- <https://ripe69.ripe.net/presentations/157-RIPE-69-
Routing-WG.pdf>. Routing-WG.pdf>.
[Zmijewski] [Zmijewski]
Zmijewski, E., "Indonesia Hijacks the World", Dyn Zmijewski, E., "Indonesia Hijacks the World", Dyn
Research/Renesys Blog, April 2014, Research/Renesys Blog, April 2014,
<http://research.dyn.com/2014/04/ <http://research.dyn.com/2014/04/
skipping to change at page 10, line 4 skipping to change at page 10, line 38
Kotikalapudi Sriram Kotikalapudi Sriram
US NIST US NIST
Email: ksriram@nist.gov Email: ksriram@nist.gov
Doug Montgomery Doug Montgomery
US NIST US NIST
Email: dougm@nist.gov Email: dougm@nist.gov
Danny McPherson Danny McPherson
Verisign, Inc. Verisign, Inc.
Email: dmcpherson@verisign.com Email: dmcpherson@verisign.com
Eric Osterweil Eric Osterweil
Verisign, Inc. Verisign, Inc.
Email: eosterweil@verisign.com Email: eosterweil@verisign.com
Brian Dickson
Twitter, Inc.
Email: bdickson@twitter.com
 End of changes. 23 change blocks. 
52 lines changed or deleted 87 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/