nanog mailing list archives

Re: Acceptance of RPKI unknown in ROV


From: Job Snijders via NANOG <nanog () nanog org>
Date: Thu, 19 Oct 2023 12:05:19 -0700

On Thu, 19 Oct 2023 at 11:56, Owen DeLong <owen () delong com> wrote:


On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG <nanog () nanog org>
wrote:

A question for network operators out there that implement ROV…

Is anyone rejecting RPKI unknown routes at this time?

I know that it’s popular to reject RPKI invalid (a ROA exists, but
doesn’t match the route), but I’m wondering if anyone is currently or has
any plans to start rejecting routes which don’t have a matching ROA at all?



This would be a bad idea and cause needless fragility in the network
without any upsides.


I’m not intending to advocate it, I’m asking if anyone is currently doing
it.



I’m not aware of anyone doing this, and have not heard operators express
interest in doing this (probably because it seems such an unpleasant
concept).

Somewhat related:

I do know of operators that require a ROA (if it’s non-legacy space) during
their customer onboarding process, for example, in BYOIP for DIA cases.

But those operators do not expect the ROA to continually exist after the
provisioning has been completed successfully. Making the continued
availability of a route dependent on the continued validity of a ROA is
where friction starts to form.

Kind regards,

Job
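
Added example, not part of the original message: a sketch of RFC 6811 route origin validation that shows which routes a "reject invalid" policy drops compared with the "reject unknown" policy asked about in this thread. The VRP table, the route list and the function names are constructed for illustration, using documentation prefixes and ASNs.

```python
import ipaddress

# Constructed sample VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

# Constructed sample BGP routes: (prefix, origin ASN).
ROUTES = [
    ("192.0.2.0/24", 64496),     # matches a VRP
    ("192.0.2.0/24", 64511),     # covered by a VRP, wrong origin
    ("192.0.2.0/25", 64496),     # covered, but longer than maxLength
    ("203.0.113.0/24", 64500),   # no covering VRP at all
    ("2001:db8:1::/48", 64496),  # within maxLength of the IPv6 VRP
]


def rov_state(prefix, origin_asn, vrps=VRPS):
    """Classify a route per RFC 6811: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # Address families must match before subnet_of() can be called.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True  # at least one VRP covers this prefix
        # AS 0 in a VRP never matches any route origin.
        if route.prefixlen <= max_len and vrp_asn != 0 and origin_asn == vrp_asn:
            return "valid"
    # Covered but unmatched is invalid; no covering VRP is not-found ("unknown").
    return "invalid" if covered else "not-found"


def accepted(routes, reject_states):
    """Return the routes that survive a policy rejecting the given states."""
    return [(p, a) for p, a in routes if rov_state(p, a) not in reject_states]


if __name__ == "__main__":
    for prefix, asn in ROUTES:
        print(f"{prefix:18} AS{asn:<6} {rov_state(prefix, asn)}")
    print("reject invalid only     :", accepted(ROUTES, {"invalid"}))
    print("reject invalid + unknown:", accepted(ROUTES, {"invalid", "not-found"}))
```

Under the stricter policy the not-found route is dropped as well, so its reachability depends on a ROA being published and staying valid.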


