nanog mailing list archives
Re: deploying RPKI based Origin Validation
From: Mark Tinka <mark.tinka () seacom mu>
Date: Sat, 14 Jul 2018 06:46:33 +0200
On 13/Jul/18 17:18, Grant Taylor via NANOG wrote:
Please forgive the n00b question: But isn't that where carrying the prefixes through your network and conditionally advertising them to customers comes into play? Or does that run into complications where you must also have the prefixes which don't validate routed in your core?
Carrying prefixes in the network is not an issue, valid or otherwise. If you act on them as they enter the network in an aggressive manner, then the other end of an eBGP session will not receive them. That's the issue. Of course, that's how RPKI is supposed to work, but when you're the only one doing it, you're shooting your own foot.
The reading I did on RPKI / OV yesterday made me think that it is possible to have validated routes preferred over unknown routes which are preferred over invalid routes. So I'd think that you could still have the routes through your core but conditionally advertise the prefixes to customers based on their desires.
Using LOCAL_PREF to (de)prefer routes based on their validation status is an idea that has been used since 2014. But for me, it defeats the purpose if you are going to go soft when trying to implement something that requires this much resolve to clean up the Internet. Mark.
Current thread:
- Re: deploying RPKI based Origin Validation, (continued)
- Re: deploying RPKI based Origin Validation Randy Bush (Jul 18)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 18)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 19)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 19)
- Message not available
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 27)
- Re: deploying RPKI based Origin Validation Alex Band (Jul 27)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 14)
- Re: deploying RPKI based Origin Validation Saku Ytti (Jul 14)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 14)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 19)