Re: Acceptance of RPKI unknown in ROV

[Gaurav Kansal via NANOG <nanog () nanog org>]

> On 20-Oct-2023, at 00:35, nanog () nanog org wrote:
>
> On Thu, 19 Oct 2023 at 11:56, Owen DeLong <owen () delong com <mailto:owen () delong com>> wrote:
> > > On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG <nanog () nanog org <mailto:nanog () nanog org>> wrote:
> > > > A question for network operators out there that implement ROV…
> > > >
> > > > Is anyone rejecting RPKI unknown routes at this time?
> > > >
> > > > I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t match the route), but I’m wondering if 
> > > > anyone  is currently or has any plans to start rejecting routes which don’t have a matching ROA at all?
> > >
> > >
> > > This would be a bad idea and cause needless fragility in the network without any upsides.
> >
> > I’m not intending to advocate it, I’m asking if anyone is currently doing it.
>
>
> I’m not aware of anyone doing this, and have not heard operators express interest in doing this (probably because it 
> seems such an unpleasant concept).
>
> Somewhat related:
>
> I do know of operators that require a ROA (if it’s non-legacy space) during their customer onboarding process, for 
> example, in BOYIP for DIA cases.

In my region also, ISPs are asking valid ROAs before on-boarding users. 

> But those operators do not expect the ROA to continually exist after the provisioning has been completed 
> successfully. Making the continued availability of a route dependent on the continued validity of a ROA is where 
> friction starts to form.
>
> Kind regards,
>
> Job