nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: deploying RPKI based Origin Validation

From: Mark Tinka <mark.tinka () seacom mu>
Date: Tue, 17 Jul 2018 13:27:09 +0200


On 16/Jul/18 17:26, Job Snijders wrote:


I calculated this here few days ago
http://instituut.net/~job/rpki-report-2018.07.12.txt

Markus Weber from KPN is generating a daily report here and drew similar
conclusions: https://as286.net/data/ana-invalids.txt Markus scrapes all
routes from the AS 286 PEs and marks the routes for which no valid or
unknown alternative exists as "altpfx=NONE".


Thanks. Protein.

So the numbers are not that far off from when I last checked this back
in 2016, i.e., less than 1% of the total IPv4 routing table.

Do you have numbers for IPv6, out of interest?



Or delete the incorrect RPKI ROA. Either way is fine.


That would work, but the risk with that then is trying to get those
networks back into RPKI would be more difficult, and if they do, chances
are that the folk that were pushing it would have since left the
company, making our education efforts a lot more difficult.

So I'd be for pushing these folk to ROA the more-specifics, which is
just a click of a button in their RIR's system.



Perhaps the RIRs should start an outreach program to proactively inform
the owners of those 2,200 invalid route announcements to get them to
either fix...


I would be in support of this, and would certainly work very closely
with AFRINIC to fix our side of things.

Happy to also do a co-preso paper with you during EPF in Athens for the
RIPE side of things.

If you'll be in Vancouver, we can do the same for the ARIN side.

I'm at MyNOG next week, and can speak to the folk from APNIC that will
be showing up about this as well.

That leaves LACNIC.

Mark.
Previous By Date Next
Previous By Thread Next

Current thread: