nanog mailing list archives

Re: Reaching out to ARIN members about their RPKI INVALID prefixes

From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Thu, 20 Sep 2018 18:56:43 +0200

tor. 20. sep. 2018 02.56 skrev Owen DeLong <owen () delong com>:


Again, unless you can trust the data in the IRR to build a complete list
of valid AS Paths from the ORIGIN, you can’t safely reject a fake route
that has the correct prepend.



Or you can have each hob validate. For example if HE.net did RPKI
validation, it would be effective due to their large number of peerings. If
my network has HE.net as one of my uplinks, someone might fake the route
via one of my other uplinks, but we would not pick that route due to longer
AS path.

Regards

Baldur

Current thread:

Re: Reaching out to ARIN members about their RPKI INVALID prefixes, (continued)
- - - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Job Snijders (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Job Snijders (Sep 18)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Job Snijders (Sep 18)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Jared Mauch (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Baldur Norddahl (Sep 20)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Joe Provo (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
  - Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Job Snijders (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
    - RE: Reaching out to ARIN members about their RPKI INVALID prefixes Phil Lavin (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes Alex Band (Sep 19)
    - Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 19)

(Thread continues...)