nanog mailing list archives

A few questions regarding about RPKI/invalids


From: Drew Weaver <drew.weaver () thenap com>
Date: Wed, 30 Mar 2022 13:29:25 +0000

Hello,

We've noticed that there are a number of routes being passed along from 3356 with invalid origin AS.

Of those, almost all of them are being passed to 3356 from 3549 (legacy Global Crossing) and there is no valid path 
available for any of these prefixes (at least according to the ROA).

Ex 45.176.191.0/24   3356 3549 11172 270150

RPKI ROA entry for 45.176.191.0/24-24
  Origin-AS: 265621

Two questions:

First, are you also seeing this on this specific route?

Second, is there a certain number of "expected" invalid routes? (not including unknowns)

Third, how are you handling specifically the large number of routes from 3356 3549 which invalid origin AS? Are you 
just "letting the bodies hit the floor"? or are you carving those out somehow?

I'm mostly just curious what other members of the community are seeing/doing in regards to this.

Thanks,
-Drew








Current thread: