nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Vincent Bernat <bernat () luffy cx>
Date: Wed, 22 Apr 2020 21:26:10 +0200
❦ 22 avril 2020 12:51 -04, Andrey Kostin:
BTW, has anybody yet thought/looked into extending RPKI-RTR protocol for validation of prefixes received from peer-as to make ingress filtering more dynamic and move away prefix filters from the routers?
It could be used as is if the client implementations were a bit more flexible. With BIRD, you decide which AS to match. So you can match on the neighbor AS instead of the origin AS. Then, you can use something like GoRTR which accepts using JSON files instead of the RPKI as source. BIRD also allows you to have several ROA tables. So, you can check against the "real" RPKI as well as against your custom IRR-based RPKI. -- Choose variable names that won't be confused. - The Elements of Programming Style (Kernighan & Plauger)
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Warren Kumari (Apr 22)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 21)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Jay R. Ashworth (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 23)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Vincent Bernat (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 23)