nanog mailing list archives

Re: deploying RPKI based Origin Validation


From: Job Snijders <job () ntt net>
Date: Wed, 18 Jul 2018 19:47:00 +0000

On Wed, Jul 18, 2018 at 07:30:48PM +0000, Michel Py wrote:
> Not in lieu, but when deploying RPKI is not (yet) possible.  My
> routers are not RPKI capable, upgrading will take years (I'm not going
> to upgrade just because I want RPKI).

Can you elaborate what routers with what software you are using? It
surprises me a bit to find routers anno 2018 which can't do OV in some
shape or form.

> What do I have left : using a subset of RPKI as a blackhole :-(

If you implement 'invalid == blackhole', and cannot do normal OV - it
seems to me that you'll be blackholing the actual victim of a BGP
hijack? That would seem counter-productive.

Kind regards,

Job
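
The difference between normal OV and 'invalid == blackhole', as an added example that is not part of the original message. It assumes 'invalid == blackhole' means null-routing every prefix found RPKI-invalid; the ROA, routes, ASNs and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefix and documentation ASNs.
ROAS = [("192.0.2.0/24", 24, 64500)]          # (prefix, maxLength, origin AS)
ROUTES = [("192.0.2.0/24", 64500),            # legitimate holder
          ("192.0.2.0/25", 64511)]            # hijacker's more-specific

def validate(prefix, origin, roas):
    """RFC 6811 validation state for one route."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if net.prefixlen <= max_len and origin == roa_asn:
                return "valid"
    return "invalid" if covered else "not-found"

def fib_with_ov(routes, roas):
    """Normal OV: invalid routes are rejected, everything else is installed."""
    return {p: f"AS{o}" for p, o in routes if validate(p, o, roas) != "invalid"}

def fib_invalid_as_blackhole(routes, roas):
    """Router without OV: all routes installed, invalid prefixes null-routed."""
    fib = {p: f"AS{o}" for p, o in routes}
    fib.update({p: "blackhole" for p, o in routes
                if validate(p, o, roas) == "invalid"})
    return fib

def lookup(dest, fib):
    """Longest-prefix match of dest against the installed prefixes."""
    addr = ipaddress.ip_address(dest)
    hits = [n for n in map(ipaddress.ip_network, fib) if addr in n]
    return fib[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

if __name__ == "__main__":
    for name, build in (("OV", fib_with_ov),
                        ("invalid==blackhole", fib_invalid_as_blackhole)):
        print(name, "->", lookup("192.0.2.10", build(ROUTES, ROAS)))
```

With OV the hijacked more-specific is dropped and traffic to 192.0.2.10 follows the valid /24 to the legitimate holder; with the blackhole policy the same traffic is discarded.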

