nanog mailing list archives
Cogent RPKI invalid filtering
From: Robert Blayzor via NANOG <nanog () nanog org>
Date: Mon, 26 Apr 2021 09:29:27 -0400
According to Cloudflares isbgpsafeyet.com, Cogent has been considered "safe" and is filtering invalids.
But I have found that to be untrue (mostly). It appears that some days they filter IPv4, sometimes not, and IPv6 invalids are always coming through. I know it's Cogent, but curious as to what others are seeing.
invalid.rpki.cloudflare.com has address 103.21.244.15 invalid.rpki.cloudflare.com has address 103.21.244.14 invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40e invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40f BGP routing table entry for 103.21.244.0/24 174 13335, (aggregated by 13335 172.69.172.1)Origin IGP, metric 83040, localpref 100, valid, external, best, group-best, import-candidate
Community: 174:21101 174:22012 BGP routing table entry for 2606:4700:7000::/48 174 13335, (aggregated by 13335 172.69.172.1) 2001:550:2f01:: from 2001:550:2f01:: (66.28.1.115)Origin IGP, metric 83040, localpref 100, valid, external, best, group-best, import-candidate
Received Path ID 0, Local Path ID 1, version 1272502628 Community: 174:21101 174:22012 -- inoc.net!rblayzor XMPP: rblayzor.AT.inoc.net PGP: https://pgp.inoc.net/rblayzor/
Current thread:
- Cogent RPKI invalid filtering Robert Blayzor via NANOG (Apr 26)
- Re: Cogent RPKI invalid filtering Job Snijders via NANOG (Apr 26)