nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

From: Mark Tinka <mark.tinka () seacom mu>
Date: Wed, 17 Jun 2020 16:33:44 +0200


On 17/Jun/20 16:25, Jon Lewis wrote:



The flip side of this though is that every time an IP space owner
publishes an ROA for an aggregate IP block and overlooks the fact that
they have customers BGP originating a subnet of the aggregate with an
ASN not permitted by an ROA, HE has "less than a full table".  :(


This is a known business use-case and it's incumbent upon the address
and AS holders to co-ordinate this.

We dropped some prefixes due to this in October of last year. Once we
raised the issue with the remote network, it was fixed in 30 minutes.




i.e. I'm questioning whether the system is mature enough and properly
used widely enough for dropping RPKI invalids to be a good idea?


Well, if we don't deploy, nothing matures.

The problems we hit in the field will help to make the entire system
better.

Mark.
Previous By Date Next
Previous By Thread Next

Current thread: