nanog mailing list archives
RE: deploying RPKI based Origin Validation
From: Michel Py <michel.py () tsisemi com>
Date: Wed, 18 Jul 2018 20:16:15 +0000
Job Snijders wrote : Can you elaborate what routers with what software you are using? It surprises me a bit to find routers anno 2018 which can't do OV in some shape or form.
They're not anno 2018 ! Cisco 3900 with 4 Gigs. Good enough for me, with the current growth of the DFZ I may have 10 years left before I need to upgrade. Probably will upgrade before that caused to bandwidth, but as of now works good enough for me and upgrading just to get OV is going to be a tough sell.
What do I have left : using a subset of RPKI as a blackhole :-(If you implement 'invalid == blackhole', and cannot do normal OV - it seems to me that you'll be blackholing the actual victim of a BGP hijack? That would seem counter-productive.
I would indeed, but the intent was a subset of invalid : the invalid prefixes that nobody _but_ the hijacker anounces, so blackholing does not hurt the real owner. In other words : un-announced prefixes that have been hijacked. These are not into bogon lists because they are real. Now I have no illusions : this is not going to solve the world's problems, how many of these are actually announced and how will that play in the longer term are questionable, but would not that be worth a quick shot at it ? Michel.
Current thread:
- Re: deploying RPKI based Origin Validation, (continued)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 14)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 16)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 17)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 17)
- Re: deploying RPKI based Origin Validation George Michaelson (Jul 17)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 17)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 18)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 18)
- Re: deploying RPKI based Origin Validation Randy Bush (Jul 18)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 18)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 19)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 19)
- Message not available
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 27)
- Re: deploying RPKI based Origin Validation Alex Band (Jul 27)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)