nanog mailing list archives

Re: RPKI unknown for superprefixes of existing ROA ?

From: Job Snijders via NANOG <nanog () nanog org>
Date: Sun, 22 Oct 2023 20:48:15 +0200

On Sun, 22 Oct 2023 at 20:33, Tom Beecher <beecher () beecher cc> wrote:

Basically, I guess, it means that the AS 0 solution shouldn't be used, at

least not usually.


It's like everything else. Understand what the tools do and what they
don't do, and use them appropriately.



A primary risk for an IXP is the existence of a more-specific of the IX
peering LAN prefix, a less-specific wouldn’t matter or inflict damage.

So in the above context an AS 0 ROAs can be useful to improve protection of
IXP Peering LANs where the IX operator doesn’t want the fabric to be
globally reachable - and one of the IX participants failed to correctly
EBGP in/out policies.

Kind regards,

Job

Current thread:

Re: RPKI unknown for superprefixes of existing ROA ?, (continued)
- - - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Randy Bush (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 25)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Rubens Kuhl (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)