[routing-wg] looking for online RPKI dashboard / looking glass?
Gert Doering gert at space.net
Wed May 2 20:07:16 CEST 2018
Hi, On Tue, May 01, 2018 at 03:33:22PM -0400, Jay Borkenhagen wrote: > I know it's not precisely what you were asking for, but RPKI origin > validation is configured on our route-server.ip.att.net, freely > accessible via telnet. > > You could run something like: > > show route aspath-regex ".*5539.*" terse active-path | match / > > I just ran that command and I see some prefixes validating in all > three categories: Valid, Invalid, and Not Found. Thanks, this is also useful information. > Of course, this method is influenced significantly by how the as7018 > network learns routes that pass through as5539: if our best path to > some destination does not come via 5539, it won't show up using this > method. Indeed :-) The information I was looking for is nicely visible, though... and what I was afraid I'd see... too much "N". The only "I" is something I was aware but had forgotten about ;-) - a sink-a-more-specific-/24 test that nicely exposes the problem of "strict /22" ROAs. thanks! Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20180502/ad1b3c2a/attachment.sig>