nanog mailing list archives

Cogent RPKI invalid filtering

From: Robert Blayzor via NANOG <nanog () nanog org>
Date: Mon, 26 Apr 2021 09:29:27 -0400

According to Cloudflares isbgpsafeyet.com, Cogent has been considered"safe" and is filtering invalids.

But I have found that to be untrue (mostly). It appears that some daysthey filter IPv4, sometimes not, and IPv6 invalids are always comingthrough. I know it's Cogent, but curious as to what others are seeing.




invalid.rpki.cloudflare.com has address 103.21.244.15
invalid.rpki.cloudflare.com has address 103.21.244.14
invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40e
invalid.rpki.cloudflare.com has IPv6 address 2606:4700:7000::6715:f40f



BGP routing table entry for 103.21.244.0/24
  174 13335, (aggregated by 13335 172.69.172.1)

Origin IGP, metric 83040, localpref 100, valid, external, best,group-best, import-candidate

      Community: 174:21101 174:22012


BGP routing table entry for 2606:4700:7000::/48
  174 13335, (aggregated by 13335 172.69.172.1)
    2001:550:2f01:: from 2001:550:2f01:: (66.28.1.115)

Origin IGP, metric 83040, localpref 100, valid, external, best,group-best, import-candidate

      Received Path ID 0, Local Path ID 1, version 1272502628
      Community: 174:21101 174:22012


--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://pgp.inoc.net/rblayzor/

Current thread:

Cogent RPKI invalid filtering Robert Blayzor via NANOG (Apr 26)
- Re: Cogent RPKI invalid filtering Job Snijders via NANOG (Apr 26)