nanog mailing list archives
Re: ROVv6 does not behave the same way as ROVv4: What rookie mistake(s) did I make?
From: Douglas Fischer <fischerdouglas () gmail com>
Date: Tue, 2 Mar 2021 12:09:27 -0300
Based on the difficulties I have already experienced, I would bet on some default route (or for example 2001::/16) statically placed on your FIB pointing to an Upstream. Or even the simple absence of the default route (::/0) pointing to null. Em ter., 2 de mar. de 2021 às 11:21, Pirawat WATANAPONGSE via NANOG < nanog () nanog org> escreveu:
Dear all, We just turned on our RPKI Route Origin Validation yesterday, then something weird happened: [Reference: We are running NLnet Labs’ Routinator 3000, feeding a Cisco ASR 1000 Series router. I know, I know, we haven’t started a second validator yet.] When we tested against the two testers: https://sg-pub.ripe.net/jasper/rpki-web-test/ and https://isbgpsafeyet.com/ the IPv4-only net-segment passed with flying color. [by the way, very sneaky you Cloudflare, registering the invalid block to the AS0 is a nice touch; I had to configure the router to really drop the invalid routes instead of just lowering their preference. Good show, mate!] However, when we tested on dual-stack net-segment, the first test passed, but Cloudflare invalids sneak through on the IPv6 side, causing the second test to fail. So, here comes the question: What rookie mistake(s) did I make? IPv4 and IPv6 configuration are supposed to be symmetry, right? Or did I miss something? And since I already start asking: For a “second validator”, which choice is better: second copy of the same software, or different software altogether? Thanks in advance for all comments and advices, -- Pirawat.
-- Douglas Fernando Fischer Engº de Controle e Automação
Current thread:
- ROVv6 does not behave the same way as ROVv4: What rookie mistake(s) did I make? Pirawat WATANAPONGSE via NANOG (Mar 02)
- Re: ROVv6 does not behave the same way as ROVv4: What rookie mistake(s) did I make? Douglas Fischer (Mar 02)
- Re: ROVv6 does not behave the same way as ROVv4: What rookie mistake(s) did I make? Lukas Tribus (Mar 03)
- Re: ROVv6 does not behave the same way as ROVv4: What rookie mistake(s) did I make? heasley (Mar 04)