nanog mailing list archives

Re: A few questions regarding about RPKI/invalids

From: Jon Lewis <jlewis () lewis org>
Date: Wed, 30 Mar 2022 10:06:12 -0400 (EDT)

On Wed, 30 Mar 2022, Drew Weaver wrote:

We’ve noticed that there are a number of routes being passed along from 3356 with invalid origin AS.

Of those, almost all of them are being passed to 3356 from 3549 (legacy Global Crossing) and there is no valid path 
available for any of these prefixes (at least according
to the ROA).

Ex 45.176.191.0/24   3356 3549 11172 270150

RPKI ROA entry for 45.176.191.0/24-24

  Origin-AS: 265621

I'm seeing that route, same origin. Those who do RPKI ROV do not see thatroute. Hurricane Electric, for example, via their looking glass has noroute for that IP space.

You would think the pain inflicted by parts of the Internet ignoring yourroutes would get RPKI oops's like this fixed relatively quickly. It maydepend on how much of the Internet they regularly exchange bits with andhow many of those networks actually do ROV.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

A few questions regarding about RPKI/invalids Drew Weaver (Mar 30)
- Re: A few questions regarding about RPKI/invalids Andrey Kostin (Mar 30)
- Re: A few questions regarding about RPKI/invalids Jon Lewis (Mar 30)
- Re: A few questions regarding about RPKI/invalids Job Snijders via NANOG (Mar 30)
  - Re: A few questions regarding about RPKI/invalids Nimrod Levy (Mar 30)
  - RE: A few questions regarding about RPKI/invalids Drew Weaver (Mar 31)