nanog mailing list archives

Re: Starting to Drop Invalids for Customers


From: Randy Bush <randy () psg com>
Date: Mon, 16 Dec 2019 13:49:19 -0800

[ found in old emacs buffer.  might have already been sent ]

Invalid according to RPKI or IRR? Or both?

In this context the use of the word “invalid” refers to the result of
validation procedure described in RFC 6811 - which is to match received BGP
updates to the RPKI and attach either of “valid”, “invalid”, or “not-found”.

In IRR, the challenge has always been that “route:” objects describe a
state of the network that may exist, but the semantics of “route:” objects
don’t allow extrapolation towards what should definitely *not* exist in the
BGP Default-Free Zone.

RPKI ROAs (compared to IRR objects) carry different meaning: the existence
of a ROA (both by definition and common implementation) supersedes other
data sources (IRR, LOAs, or comments in whois records, etc), and as such
can be used on any type of EBGP session for validation of the received
Internet routing information.

do not disagree with your pedantry.  but ...

as i am pretty sure arturo knows all that.  i suspect he was wondering
if mark is gonna throw irr data in the mix the way chris says google
will (or does?).  and if so, how?  seems a useful question.

irr acls scale poorly in routers.  but mark said customer-facing, which
could be reasonable depending on the platform.  e.g. ntt uses irr-based
acls toward customers.

but i am cheered if mark is dropping rpki-based origin validation
invalids.  it's a big step.

randy
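
The RFC 6811 procedure quoted in the message above, sketched as an added example that is not part of the original email: each received route is classified against a set of Validated ROA Payloads (VRPs), then a customer-facing import policy drops only the invalids. The VRPs, prefixes and ASNs are constructed from documentation ranges, and `apply_policy` is a hypothetical helper name.

```python
import ipaddress
from typing import Iterable, List, NamedTuple, Optional, Tuple


class VRP(NamedTuple):
    """Validated ROA Payload: prefix, maxLength and authorised origin AS."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data: documentation prefixes and ASNs only.
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64497),
    VRP("203.0.113.0/24", 24, 0),  # AS0 ROA: covers, can never match
]


def validate(route_prefix: str, origin_asn: Optional[int],
             vrps: List[VRP] = SAMPLE_VRPS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one received route.

    origin_asn is None when the origin cannot be determined (AS_SET).
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue  # this VRP does not cover the route
        covered = True
        if (origin_asn is not None and vrp.asn != 0
                and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"  # one matching VRP is enough
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"


def apply_policy(updates: Iterable[Tuple[str, Optional[int]]],
                 vrps: List[VRP] = SAMPLE_VRPS) -> List[Tuple[str, str, str]]:
    """Hypothetical import policy: drop 'invalid', accept everything else."""
    results = []
    for prefix, asn in updates:
        state = validate(prefix, asn, vrps)
        results.append((prefix, state, "drop" if state == "invalid" else "accept"))
    return results
```

A route with no covering VRP stays not-found and is accepted, which is why dropping invalids does not affect prefixes that have no ROA at all.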

