nanog mailing list archives

Re: AT&T/as7018 now drops invalid prefixes from peers


From: Niels Raijer <niels () fusix nl>
Date: Tue, 12 Feb 2019 09:54:00 +0100

On 12 Feb 2019, at 01:52, Jay Borkenhagen <jayb () braeburn org> wrote:

We got some very good advice watching this video from your most recent
NLNOG day:

https://www.youtube.com/watch?v=vrzl__yGqLE

... but there is one place where I disagree with Niels.  

You’re of course welcome to do so :-)

He advised
against lowering the local-pref of invalid routes.  I agree that this
should not be anyone's target policy, but it is a useful step along
the way.  To set invalid routes a lower local-pref, one needs to
establish RTR sessions from routers to relying party servers, and to
configure a policy that takes validation state into account.  

I agree that this is a good approach for taking first steps into the RPKI
world and I would not discourage a lower local preference as a first
stage. As long as we’re on the same page about invalid == reject being
the intended end result.

In short: C'mon in!  The water's fine! :-)

As a competitive swimmer I couldn’t agree more!
-- 
Niels Raijer
niels () fusix nl
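
The staged policy discussed in this message, sketched as an added example (not code from either poster or from any router vendor): route origin validation in the style of RFC 6811 against a constructed VRP table, followed by an import decision with a de-preference stage and a reject stage. The stage names, local-pref values, prefixes and ASNs are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VRP:
    """One Validated ROA Payload, as delivered to a router over an RTR session."""
    prefix: str
    max_length: int
    asn: int


# Constructed sample data: documentation prefixes and documentation ASNs.
VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("2001:db8::/32", 48, 64501),
]


def validate(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this VRP does not cover the route
        covered = True
        if route.prefixlen <= vrp.max_length and origin_asn == vrp.asn:
            return "valid"
    # Covered by at least one VRP but matched by none: wrong origin or too specific.
    return "invalid" if covered else "not-found"


def import_policy(prefix, origin_asn, stage, base_local_pref=100):
    """Hypothetical import policy. stage is 'depref' (first step) or 'reject' (end state)."""
    if stage not in ("depref", "reject"):
        raise ValueError("stage must be 'depref' or 'reject'")
    state = validate(prefix, origin_asn)
    if state == "invalid":
        if stage == "reject":
            return None  # route is dropped and never installed
        return {"prefix": prefix, "state": state, "local_pref": base_local_pref - 50}
    return {"prefix": prefix, "state": state, "local_pref": base_local_pref}


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
                     ("192.0.2.0/24", 64511), ("198.51.100.0/24", 64502)]:
        print(pfx, asn, import_policy(pfx, asn, "depref"), import_policy(pfx, asn, "reject"))
```

A lowered local-pref only affects the choice among routes for the same prefix, so the invalid 192.0.2.0/25 in the sample is still installed and still wins longest-prefix match in the de-preference stage; only the reject stage removes it.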





