nanog mailing list archives

Re: deploying RPKI based Origin Validation

From: Mark Tinka <mark.tinka () seacom mu>
Date: Sat, 14 Jul 2018 06:54:35 +0200



On 13/Jul/18 18:37, Job Snijders wrote:

That is exactly what I mean. Because of the golden rule "most-specific
always wins" (and parts of the AS_PATH are pretty easy to spoof) it
only makes sense to me to completely reject invalid routes.


Exactly my preference, and exactly what we did for 2 years. But in
practice, customers don't really like this, nor does your CFO.

We need mass deployment for this to work effectively, and also a bit
more education for those that sign aggregates but not the more-specifics.

Mark.

Current thread:

deploying RPKI based Origin Validation Job Snijders (Jul 12)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
  - Re: deploying RPKI based Origin Validation Job Snijders (Jul 13)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
    - Re: deploying RPKI based Origin Validation Grant Taylor via NANOG (Jul 13)
    - Re: deploying RPKI based Origin Validation Christopher Morrow (Jul 13)
    - Re: deploying RPKI based Origin Validation Job Snijders (Jul 13)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
    - Re: deploying RPKI based Origin Validation Grant Taylor via NANOG (Jul 13)
    - Re: deploying RPKI based Origin Validation Christopher Morrow (Jul 13)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
    - Re: deploying RPKI based Origin Validation Baldur Norddahl (Jul 14)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 14)
    - Re: deploying RPKI based Origin Validation Job Snijders (Jul 16)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 17)
    - Re: deploying RPKI based Origin Validation Job Snijders (Jul 17)
    - Re: deploying RPKI based Origin Validation George Michaelson (Jul 17)
    - Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)

(Thread continues...)