Re: Analysing traffic in context of rejecting RPKI invalids using pmacct

["Sriram, Kotikalapudi \(Fed\) via NANOG" <nanog () nanog org>]

Jay:

> When we (as7018) were preparing to begin dropping invalid routes
> received from peers earlier this year, that is exactly the kind of
> analysis we did.  In our case we rolled our own with a two-pass
> process: we first found all the traffic to/from invalid routes by a
> bgp community we gave them, then outside of our flow analysis tool we
> further filtered the traffic for invalid routes which were covered by
> less-specific not-invalid routes.  What remained was the traffic we
> would lose once invalid routes were dropped.  Had the pmacct
> capability existed at that time, we would have used it.

We (NIST) did a detailed analysis of Invalid routes (with Routeviews data)
that was presented at IETF 101:
https://datatracker.ietf.org/meeting/101/materials/slides-101-sidrops-origin-validation-policy-considerations-for-dropping-invalid-routes-00
See slides 10-13. We tried to drill down on Invalid routes which were covered by
less-specific not-invalid routes. We examined questions like:
how often does the less-specific route have the same origin AS (OAS) as the Invalid,
and, if not, then how frequently is the OAS of the less specific route
a transit provider of the OAS of the Invalid route?
We plan to update the results periodically.
Sriram