nanog mailing list archives
Re: AT&T/as7018 now drops invalid prefixes from peers
From: Denis Fondras <xxnog () ledeuns net>
Date: Tue, 12 Feb 2019 16:09:36 +0100
On Tue, Feb 12, 2019 at 03:05:28PM +0000, Nick Hilliard wrote:
Matthew Walster wrote on 12/02/2019 14:50:For initial deployment, this can seem attractive, but remember that one of the benefits an ROA gives is specifying the maximum prefix length. This means that someone can't hijack a /23 with a /24.they can if they forge the source ASN. RPKI helps against misconfigs rather than intentional hijackings.
Only if you specify a a minlen of /23 and a maxlen of /24 and you only announce a /23. Which you should not.
Current thread:
- AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Ca By (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers i3D . net - Martijn Schmidt (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Niels Raijer (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Nick Hilliard (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Denis Fondras (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Nick Hilliard (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Michael Hallgren (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Job Snijders (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Matthew Walster (Feb 12)
- Re: AT&T/as7018 now drops invalid prefixes from peers Owen DeLong (Feb 13)
- Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)
- Re: AT&T/as7018 now drops invalid prefixes from peers Jay Borkenhagen (Feb 11)