nanog mailing list archives
Re: Understanding impact of RPKI and ROA on existing advertisements
From: heasley <heas () shrubbery net>
Date: Tue, 1 Nov 2022 16:07:15 +0000
Tue, Nov 01, 2022 at 12:01:46PM -0400, Jon Lewis:
One danger with RPKI, is shooting yourself (or customers) in the foot by creating too general a ROA. i.e. Suppose you have an ARIN /20. You have a multihomed customer to whom you've assigned a /24 from your /20. You create a ROA for the /20 saying your ASN is authorized to originate your /20. Now that customer /24 has become an RPKI-invalid, and the customer may find that their other provider is filtering their /24 advertisement.
ie: you must also create roa(s) for your bgp customer's more specific(s) of your aggregate.
Current thread:
- Understanding impact of RPKI and ROA on existing advertisements Samuel Jackson (Nov 01)
- RE: Understanding impact of RPKI and ROA on existing advertisements Kevin Burke (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Alex Band (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Jon Lewis (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements heasley (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Samuel Jackson (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Randy Bush (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Josh Luthman (Nov 02)
- Re: Understanding impact of RPKI and ROA on existing advertisements Jon Lewis (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements heasley (Nov 02)
- Re: Understanding impact of RPKI and ROA on existing advertisements Owen DeLong via NANOG (Nov 02)
- Re: Understanding impact of RPKI and ROA on existing advertisements jim deleskie (Nov 02)
- <Possible follow-ups>
- RE: Understanding impact of RPKI and ROA on existing advertisements Jakob Heitz (jheitz) via NANOG (Nov 03)
- Re: Understanding impact of RPKI and ROA on existing advertisements Randy Bush (Nov 03)