nanog mailing list archives
Re: AT&T/as7018 now drops invalid prefixes from peers
From: Niels Raijer <niels () fusix nl>
Date: Tue, 12 Feb 2019 09:54:00 +0100
On 12 Feb 2019, at 01:52, Jay Borkenhagen <jayb () braeburn org> wrote:
We got some very good advice watching this video from your most recent NLNOG day: https://www.youtube.com/watch?v=vrzl__yGqLE ... but there is one place where I disagree with Niels.
You’re of course welcome to do so :-)
He advised against lowering the local-pref of invalid routes. I agree that this should not be anyone's target policy, but it is a useful step along the way. To set invalid routes a lower local-pref, one needs to establish RTR sessions from routers to relying party servers, and to configure a policy that takes validation state into account.
I agree that this is a good approach for taking first steps into the RPKI world and I would not discourage a lower local preference as a first stage. As long as we’re on the same page about invalid == reject being the intended end result.
In short: C'mon in! The water's fine! :-)
As a competitive swimmer I couldn’t agree more! -- Niels Raijer niels () fusix nl
Current thread:
- AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Ca By (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers i3D . net - Martijn Schmidt (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Niels Raijer (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Nick Hilliard (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Denis Fondras (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Nick Hilliard (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Michael Hallgren (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Owen DeLong (Feb 13)
- Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)