[routing-wg] Ensuring RPKI ROAs match your routing intent
- Previous message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Thu Jun 25 17:09:22 CEST 2020
Hi, On Thu, Jun 25, 2020 at 07:57:54AM -0700, Randy Bush wrote: > you point out a serious concern, when creating a ROA will i do damage? I see a few obvious mistakes - fatfinger the origin AS, turn all my announcements from "unknown" to "invalid" - overlook length restrictions, turn all my more-specifics from "unknown" to "invalid" - overlook valid more-specifics originated from a different origin AS ("multihomed customer using part of my space") > the way the DRL CA gooey has handled this for a decade+ is to have a > full bgp dump and to compare the prospective new ROA to that dump. This sounds like a good plan to avoid both types of mistakes. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20200625/c3e6bf71/attachment.sig>
- Previous message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]