nanog mailing list archives

Re: question about enabling RPKI using Hosted mode


From: Edvinas Kairys <edvinas.email () gmail com>
Date: Tue, 26 Oct 2021 10:11:14 +0300

Thanks, will keep in mind.

Also, about ROA expirations: is it possible to configure an automatic ROA
extension after it expires?

On Tue, Oct 26, 2021 at 12:35 AM Job Snijders <job () fastly com> wrote:

Dear Edvinas,

On Mon, Oct 25, 2021 at 11:49:09PM +0300, Edvinas Kairys wrote:
We're thinking of enabling BGP ROA, because more and more ISPs are using
strict RPKI mode.

Could enabling Hosted Mode on RPKI (where it doesn't require any additional
configuration on the client end) for some reason cause traffic loss?

The only disastrous scenario I could think of is if we would enable ROA
with incorrect sub-prefixes, maximum prefix length. Am I right?

I think you correctly identified most of the potential pitfalls. Another
pitfall might be when a typo in the Origin AS value slips into the RPKI
ROA.

For example, I originate 2001:67c:208c::/48 in the DFZ from AS 15562.
Should I accidentally modify the covering ROA to only permit AS 15563,
the planet's connectivity towards 2001:67c:208c::/48 would become
spotty.

So... - BEFORE - creating RPKI ROAs, I recommend setting up a BGP/RPKI
monitoring tool. NTT's excellent BGPalerter might be useful in this
context: https://github.com/nttgin/BGPalerter

Don't deploy things without monitoring! :-)

Kind regards,

Job
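
The pitfalls discussed in this thread (a wrong Origin AS or a too-short maximum prefix length in a ROA) can be checked before a ROA is published by running RFC 6811 origin validation over your own announcements. The sketch below is an added example, not part of the original messages and not BGPalerter code; the `2001:db8::/32` routes, AS 64496 and the function names are constructed for illustration.

```python
import ipaddress

def validate(route_prefix, origin_as, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa_prefix, max_length, roa_as in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        # A ROA entry is relevant only if it covers the announced prefix.
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Valid needs the same origin AS and a length within maxLength.
        if roa_as == origin_as and route.prefixlen <= max_length:
            return "valid"
    # Covered by at least one ROA but matched by none: dropped by strict networks.
    return "invalid" if covered else "not-found"

def precheck(announcements, proposed_vrps):
    """Announcements that the proposed ROA set would turn RPKI-invalid."""
    return [(p, a) for p, a in announcements
            if validate(p, a, proposed_vrps) == "invalid"]

# What we announce today. The first route is the one from the thread;
# the 2001:db8 routes and AS 64496 are constructed sample data.
ANNOUNCED = [
    ("2001:67c:208c::/48", 15562),
    ("2001:db8::/32", 64496),
    ("2001:db8:1::/48", 64496),
]

# Candidate ROA sets as (prefix, maxLength, origin AS).
GOOD = [("2001:67c:208c::/48", 48, 15562), ("2001:db8::/32", 48, 64496)]
AS_TYPO = [("2001:67c:208c::/48", 48, 15563), ("2001:db8::/32", 48, 64496)]
SHORT_MAXLEN = [("2001:67c:208c::/48", 48, 15562), ("2001:db8::/32", 32, 64496)]

if __name__ == "__main__":
    for name, vrps in [("good", GOOD), ("as-typo", AS_TYPO),
                       ("short-maxlen", SHORT_MAXLEN)]:
        print(name, "->", precheck(ANNOUNCED, vrps) or "no invalids")
```
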

