nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 22 Apr 2020 14:05:21 -0400
On Wed, Apr 22, 2020 at 2:03 PM Christopher Morrow <morrowc.lists () gmail com> wrote:
On Wed, Apr 22, 2020 at 1:32 PM Danny McPherson <danny () tcb net> wrote:On 2020-04-22 12:51, Andrey Kostin wrote:BCP38 website doesn't proclaim anybody in person to be unsafe, but if it would be possible to make such test it'd be more useful than that RPKI test. BTW, has anybody yet thought/looked into extending RPKI-RTR protocol for validation of prefixes received from peer-as to make ingress filtering more dynamic and move away prefix filters from the routers?Do you really want those things in soft-state and not with some giant operational buffer to absorb all the brokenness that's sure to arise?a question about the data types here... So, a neighbor with no downstream ASN could be filtered directly with ROA == prefixlist-content. A neighbor with a downstream ASN has to be ROA (per asn downstream) == prefixlist-content. So you'd now have to do some calculations which are more complicated than just; "is roa for this prefix here and valid" to construct a prefix-list. correct?
Sorry, and this sidesteps the intent of the peer as well. For instance you may have a peer with 2 'downstream' asn, only 1 of which they wish to provide transit to you (from you?) for... how would you know this intent/policy from the peer's perspective? today you know that (most likely) from IRR data. is your answer ASPA / AS-Cone ?
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Warren Kumari (Apr 22)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 21)
- Re: "Is BGP safe yet?" test Mark Tinka (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Jay R. Ashworth (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 23)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Vincent Bernat (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 23)