Re: Level 3's IRR Database

[Christopher Morrow <morrowc.lists () gmail com>]

On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk <andree+nanog () toonk nl> wrote:
> Hi Randy,
>
> .-- My secret spy satellite informs me that at 11-01-30 11:18 PM  Randy Bush
> wrote:
>
> > so i am not sure what your point is.  please clarify with a concrete
> > example.
>
> Adjusting a route's degree of preference in the selection algorithm based on
> its validation state only works if it's exactly the same prefix.
>
> Jack already sort of explained what I meant, but here's an example
>
> Assume that youtube's prefix had a roa like this
> Origin ASN:     AS36561
> Prefixes:       208.65.152.0/22
>
> Now AS17557 start to announce a more specific: 208.65.153.0/24. Validators
> would classify this as Invalid (2).
> If we would only use local-prefs, routers would still choose to send it to
> AS17557 (Pakistan Telecom) as it's a more specific.
>
> So in cases where the invalid announcement is a more specific, the only way
> to prevent 'hijacks' is to actually drop these 'invalid' announcement from
> day one.
>
> I understand this is by design, but I can imagine some operators will be
> reluctant to actually drop routes when they start testing RPKI deployments
> in their networks.

yes, but what is the way forward?