nanog mailing list archives

Re: AT&T/as7018 now drops invalid prefixes from peers

From: Owen DeLong <owen () delong com>
Date: Tue, 12 Feb 2019 10:39:48 -0800

To be clear, I don’t believe they are dropping all routes which don’t validate (have no ROAs), only routes where the 
prefix matches an existing ROA and the origin AS in the AS PATH does not match.

Owen

On Feb 12, 2019, at 10:20 , John Sweeting <jsweeting () arin net> wrote:

From: TJ Trout <tj () fdisturlock com <mailto:tj () fdisturlock com>>
Date: Monday, February 11, 2019 at 6:49 PM
To: <valdis.kletnieks () vt edu <mailto:valdis.kletnieks () vt edu>>
Cc: Jay Borkenhagen <jayb () braeburn org <mailto:jayb () braeburn org>>, nanog <nanog () nanog org <mailto:nanog () 
nanog org>>
Subject: Re: AT&T/as7018 now drops invalid prefixes from peers

How does one register their routes in the Rpki? If the routes are in the Arin database under the proper company name 
is that sufficient? *Ducks*

TJ and all,

To participate in RPKI with ARIN, your organization would need to have Internet number resources directly registered 
and those Internet number resources must be covered under a Registration Services Agreement (RSA) or a Legacy RSA.  
In addition, participation in RPKI will require that you have an ARIN Online account, linked to an Admin or Tech 
Point of Contact (POC) on the Organization Identifier (Org ID) that contains the Internet number resources to be 
certified. 

Our “Resource Public Key Infrastructure (RPKI)” is a great jumping off point to get started with certifying your 
Internet number resources. 

If you would like any assistance verifying your eligibility for RPKI participation or would like additional 
information on getting started with RPKC, please call our Registration Services Helpdesk at 703.227.0660.  Our hours 
of operation are Monday – Friday, from 7:00 am to 7:00 pm eastern time. 

On Mon, Feb 11, 2019, 3:09 PM <valdis.kletnieks () vt edu <mailto:valdis.kletnieks () vt edu> wrote:
On Mon, 11 Feb 2019 09:53:45 -0500, Jay Borkenhagen said:

The AT&T/as7018 network is now dropping all RPKI-invalid route
announcements that we receive from our peers.


Congrats!

Are you able to comment on what amount of routes are getting dropped?

Current thread:

Re: AT&T/as7018 now drops invalid prefixes from peers, (continued)
- - - Re: AT&T/as7018 now drops invalid prefixes from peers Owen DeLong (Feb 13)
- Re: AT&T/as7018 now drops invalid prefixes from peers Patrick W. Gilmore (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Compton, Rich A (Feb 11)
  - Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
    - Re: AT&T/as7018 now drops invalid prefixes from peers Alex Band (Feb 12)
    - Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 14)
- Re: AT&T/as7018 now drops invalid prefixes from peers Melchior Aelmans (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers valdis . kletnieks (Feb 11)
  - Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
  - Message not available
    - Message not available
    - Re: AT&T/as7018 now drops invalid prefixes from peers John Sweeting (Feb 12)
    - Re: AT&T/as7018 now drops invalid prefixes from peers Owen DeLong (Feb 12)
    - Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Mark Tinka (Feb 11)