[routing-wg] RPKI Invalid == Reject policies on the AS 3333 EBGP border
- Previous message (by thread): [routing-wg] RPKI Invalid == Reject policies on the AS 3333 EBGP border
- Next message (by thread): [routing-wg] Weekly Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at fastly.com
Thu Apr 1 12:50:41 CEST 2021
Dear W. Boot, On Thu, Apr 01, 2021 at 12:38:27PM +0200, W. Boot wrote: > Would "invalid" also include unsigned space? No. By definition, unsigned space can never ever be "RPKI invalid". In order for any BGP route to be marked as "RPKI invalid", a RPKI ROA _MUST_ exist. Without covering ROAs, BGP routes cannot be "RPKI invalid". > If it does, that might lead to legacy space or networks getting space > through certain NIRs to be accidentally being blocked by whomever > relying on this, unless these blocks can be exempt from inclusion? Luckily it doesn't! :-) Operators who use RPKI to perform BGP Route Origin Validation, do so to to detect & reject invalid routes. As mentioned above, BGP routes can only be recognized as 'invalid' if and only if a covering ROA exists. Complete and simple configuration examples can be found here: http://bgpfilterguide.nlnog.net/guides/reject_invalids/ By exclusively focussing on "RPKI invalid" BGP routes, RPKI ROV is incrementally deployable. Incremental deployability is a key factor. Kind regards, Job
- Previous message (by thread): [routing-wg] RPKI Invalid == Reject policies on the AS 3333 EBGP border
- Next message (by thread): [routing-wg] Weekly Routing Table Report
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]