nanog mailing list archives

Re: "Is BGP safe yet?" test


From: Andrey Kostin <ankost () podolsk ru>
Date: Thu, 23 Apr 2020 12:37:12 -0400

Vincent Bernat wrote 2020-04-22 15:26:
❦ 22 April 2020 12:51 -04, Andrey Kostin:

BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
for validation of prefixes received from peer-as to make ingress
filtering more dynamic and move away prefix filters from the routers?

It could be used as is if the client implementations were a bit more
flexible.

With BIRD, you decide which AS to match. So you can match on the
neighbor AS instead of the origin AS. Then, you can use something like
GoRTR which accepts using JSON files instead of the RPKI as source. BIRD
also allows you to have several ROA tables. So, you can check against
the "real" RPKI as well as against your custom IRR-based RPKI.

That's what I meant. So I guess IX operators already can use BIRD on route-servers for prefix filtering. I think it could be useful on hw routers as well.

Kind regards,
Andrey
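
The two-table check discussed in this message, written out in Python as an added example (not code from the thread, from BIRD or from GoRTR): one table is matched on the origin AS like the real RPKI, the other is a custom IRR-derived table matched on the neighbor AS. The JSON layout (`roas`, `prefix`, `maxLength`, `asn`), the accept/reject policy, the function names and all prefixes and AS numbers are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample tables (documentation prefixes and documentation ASNs).
# RPKI: "asn" is the authorised origin AS, as in the real RPKI.
RPKI_JSON = '{"roas": [{"prefix": "192.0.2.0/24", "maxLength": 24, "asn": "AS64500"}]}'
# Custom IRR-derived table: "asn" is the NEIGHBOR AS allowed to send the prefix.
IRR_JSON = """{"roas": [
  {"prefix": "192.0.2.0/24",    "maxLength": 24, "asn": "AS64510"},
  {"prefix": "198.51.100.0/24", "maxLength": 24, "asn": "AS64510"}
]}"""

def load_table(text):
    """Parse the assumed JSON layout into (network, max_length, asn) tuples."""
    return [(ipaddress.ip_network(r["prefix"]), int(r["maxLength"]),
             int(str(r["asn"]).upper().replace("AS", "")))
            for r in json.loads(text)["roas"]]

def rov_state(table, prefix, asn):
    """RFC 6811 outcome for (prefix, asn): 'valid', 'invalid' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_asn in table:
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one entry covers this prefix
            if net.prefixlen <= max_len and asn == roa_asn:
                return "valid"
    return "invalid" if covered else "unknown"

def ingress_decision(rpki, irr, prefix, as_path):
    """Assumed policy: drop RPKI-invalid origins, then require an IRR match on the neighbor AS."""
    neighbor_as, origin_as = as_path[0], as_path[-1]
    if rov_state(rpki, prefix, origin_as) == "invalid":
        return "reject: RPKI invalid origin"
    if rov_state(irr, prefix, neighbor_as) != "valid":
        return "reject: not in neighbor's IRR table"
    return "accept"

RPKI, IRR = load_table(RPKI_JSON), load_table(IRR_JSON)

if __name__ == "__main__":
    for prefix, path in [("192.0.2.0/24", [64510, 64500]),
                         ("192.0.2.0/24", [64511, 64500]),
                         ("192.0.2.0/24", [64510, 64501]),
                         ("198.51.100.0/24", [64510, 64501]),
                         ("203.0.113.0/24", [64510, 64502])]:
        print(prefix, path, "->", ingress_decision(RPKI, IRR, prefix, path))
```

Requiring `valid` rather than merely "not invalid" on the custom table is what gives it prefix-filter semantics: a prefix the neighbor never registered comes back `unknown` and is still rejected.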

