Re: AS3356 Announcing 2000::/12

[Christopher Morrow <morrowc.lists () gmail com>]

On Thu, Dec 8, 2022 at 1:45 AM Heasley <heas () shrubbery net> wrote:
> Am 12/7/22 um 22:25 schrieb Don Beal <don () depref net>:
>
> 
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….

yea that might be a tad dangerous today :(
and don's right :( unknown is hard today :( (darn you don for being
practical! :) )

crud.. but iRR filters! :)


> what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out 
> less-specific conflicts.
>
> It does look like 3356 pulled the announcement, which is good.
>
>
> On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists () gmail com> wrote:
> > On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator () rkhtech org> wrote:
> > > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 
> > > 25%) of the IPv6 DFZ.
> >
> > interesting that this is leaking outside supposed RPKI OV boundaries as well.
> > For example:
> >   6762 3356
> >   2914 3356
> >   174 3356 (apologies to 174, I forget if they signed up to the 'doin
> > ov now' plan)