nanog mailing list archives
Re: CloudFlare issues?
From: Ben Maddison via NANOG <nanog () nanog org>
Date: Thu, 4 Jul 2019 15:50:47 +0000
Hi Francois, On Thu, 2019-07-04 at 17:33 +0200, Job Snijders wrote:
Dear Francois, On Thu, Jul 04, 2019 at 03:22:23PM +0000, Francois Lecavalier wrote:At this point in time I think the ideal deployment model is to perform the validation within your administrative domain and run your own validators.
+1
But I also have a question for all the ROA folks out there. So far we are not taking any action other than lowering the local-pref - we want to make sure this is stable before we start denying prefixes. So the question, is it safe as of this date to : 1.Accept valid, 2. Accept unknown, 3. Reject invalid? Have any large network who implemented it dealt with unreachable destinations? I'm wondering as I haven't found any blog mentioning anything in this regard and ClouFlare docs only shows example for valid and invalid, but nothing for unknown.
We have been dropping Invalids since April, and have had only a (single-digit) handful of support requests related to those becoming unreachable. The larger challenge has been related to vendor implementation choices and bugs, particularly on ios-xe. Happy to go into more detail if anyone is interested. I would recommend *not* taking any policy action that distinguishes Valid from Unknown. If you find that you have routes for the same prefix/len with both statuses, then that is a bug and/or misconfiguration which you could turn into a loop by taking policy action on that difference. Cheers, Ben
Current thread:
- Re: CloudFlare issues?, (continued)
- Re: CloudFlare issues? i3D.net - Martijn Schmidt via NANOG (Jul 04)
- Re: CloudFlare issues? Sandra Murphy (Jul 05)
- Re: CloudFlare issues? i3D.net - Martijn Schmidt via NANOG (Jul 05)
- Re: CloudFlare issues? Sandra Murphy (Jul 05)
- Re: CloudFlare issues? Brett Frankenberger (Jul 06)
- Re: CloudFlare issues? Matt Corallo (Jul 06)
- Re: CloudFlare issues? Matt Corallo (Jul 06)
- Re: CloudFlare issues? Mark Tinka (Jul 07)
- Re: CloudFlare issues? Mark Tinka (Jul 07)
- Re: CloudFlare issues? Matt Corallo (Jul 06)
- Re: CloudFlare issues? Francois Lecavalier (Jul 04)
- Re: CloudFlare issues? Job Snijders (Jul 04)
- Re: CloudFlare issues? Ben Maddison via NANOG (Jul 04)
- Re: CloudFlare issues? Mark Tinka (Jul 04)
- RE: CloudFlare issues? Francois Lecavalier (Jul 04)
- Re: CloudFlare issues? Ben Maddison via NANOG (Jul 04)
- Re: CloudFlare issues? Job Snijders (Jul 04)
- Re: CloudFlare issues? Job Snijders (Jul 04)
- Re: CloudFlare issues? Mark Tinka (Jul 04)
- Re: CloudFlare issues? Mark Tinka (Jul 04)
- Re: CloudFlare issues? Job Snijders (Jul 04)
- Re: CloudFlare issues? i3D.net - Martijn Schmidt via NANOG (Jul 04)
- Re: CloudFlare issues? Mark Tinka (Jul 04)