nanog mailing list archives
Re: Analysing traffic in context of rejecting RPKI invalids using pmacct
From: Steve Meuse <smeuse () mara org>
Date: Mon, 11 Mar 2019 17:37:09 -0400
On Tue, Feb 12, 2019 at 1:15 PM Job Snijders <job () ntt net> wrote:
ps. Dear Kentik & Deepfield, please copy+paste this feature! We'll happily share development notes with you, you can even look at pmacct's source code for inspiration. :-)
Thanks Job, I just wanted to reach back out to you and the NANOG community that we've implemented this feature. Currently Kentik can match flow data with the following validation state: - VALID = Prefix fits in ROA, and ROA ASN and Prefix Origin Match - UNKNOWN = we haven't found any matching ROA - INVALID - ASN mismatch = BGP prefix fits in the ROA prefix's length BUT the ROA ASN differs from the Prefix Origin ASN - INVALID - Prefix length out of bounds = the BGP prefix doesn't have an ROA with large enough Max-Length to refer to - INVALID - ASN 0 specified = there is a matching ROA w/ the right max-length but the ASN associated w/ it is 0 (explicit invalid) If anyone would like more information please hit me up offline. -Steve
Current thread:
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Steve Meuse (Mar 11)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Jay Borkenhagen (Mar 12)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Steve Meuse (Mar 13)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Randy Bush (Mar 13)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Steve Meuse (Mar 13)
- <Possible follow-ups>
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Sriram, Kotikalapudi (Fed) via NANOG (Mar 15)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Randy Bush (Mar 15)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Jay Borkenhagen (Mar 15)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Randy Bush (Mar 15)
- Re: Analysing traffic in context of rejecting RPKI invalids using pmacct Jay Borkenhagen (Mar 12)