nanog mailing list archives

Re: plea for comcast/sprint handoff debug help

From: Randy Bush <randy () psg com>
Date: Sat, 31 Oct 2020 03:06:24 -0700

   - Randy says: "finding the fort rp to be pretty solid!"  I'll say that
   if you loaded a fresh Fort and fresh Routinator install, they would both
   have your ROAs.
   - The sense of "stickiness" is local only; hence to my mind the
   protection against "downgrade" attack is somewhat illusory. A fresh install
   knows nothing of history.


fort running
enabled rrdp on server
router reports

r0.sea#sh ip bgp rpki table | i 3130 
147.28.0.0/20        20      3130       0       147.28.0.84/323
147.28.0.0/19        19      3130       0       147.28.0.84/323
147.28.64.0/19       19      3130       0       147.28.0.84/323
147.28.96.0/19       19      3130       0       147.28.0.84/323
147.28.128.0/19      19      3130       0       147.28.0.84/323
147.28.160.0/19      19      3130       0       147.28.0.84/323
147.28.192.0/19      19      3130       0       147.28.0.84/323
192.83.230.0/24      24      3130       0       147.28.0.84/323
198.180.151.0/24     24      3130       0       147.28.0.84/323
198.180.153.0/24     24      3130       0       147.28.0.84/323

disabled rrdp on server
added new roa 198.180.151.0/25
waited a while
router reports

r0.sea#sh ip bgp rpki table | i 3130 
147.28.0.0/20        20      3130       0       147.28.0.84/323
147.28.0.0/19        19      3130       0       147.28.0.84/323
147.28.64.0/19       19      3130       0       147.28.0.84/323
147.28.96.0/19       19      3130       0       147.28.0.84/323
147.28.128.0/19      19      3130       0       147.28.0.84/323
147.28.160.0/19      19      3130       0       147.28.0.84/323
147.28.192.0/19      19      3130       0       147.28.0.84/323
192.83.230.0/24      24      3130       0       147.28.0.84/323
198.180.151.0/25     25      3130       0       147.28.0.84/323  <<<===
198.180.151.0/24     24      3130       0       147.28.0.84/323
198.180.153.0/24     24      3130       0       147.28.0.84/323

as i said, fort seems solid

randy

Current thread:

Re: plea for comcast/sprint handoff debug help, (continued)
- - Re: plea for comcast/sprint handoff debug help Alex Band (Oct 29)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 29)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 29)
    - Re: plea for comcast/sprint handoff debug help Alex Band (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Tom Beecher (Oct 30)
    - RPKI over RSYNC vs RRDP (Was: plea for comcast/sprint handoff debug help) Job Snijders (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Job Snijders (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Tim Bruijnzeels (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Tony Tauber (Oct 30)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 31)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 31)
    - Re: plea for comcast/sprint handoff debug help Alex Band (Oct 31)
    - Re: plea for comcast/sprint handoff debug help Randy Bush (Oct 31)