nanog mailing list archives

Re: RPKI unknown for superprefixes of existing ROA ?


From: Owen DeLong via NANOG <nanog () nanog org>
Date: Tue, 24 Oct 2023 17:28:31 -0700

Yes, but we weren’t talking about an IXP here.

We’re talking about an ISP.

Believe it or not, Job, there are parts of the internet that exchange traffic and move packets that are not IXPs.

Owen


On Oct 22, 2023, at 11:48, Job Snijders via NANOG <nanog () nanog org> wrote:

On Sun, 22 Oct 2023 at 20:33, Tom Beecher <beecher () beecher cc> wrote:
Basically, I guess, it means that the AS 0 solution shouldn't be used, at least not usually.

It's like everything else. Understand what the tools do and what they don't do, and use them appropriately. 


A primary risk for an IXP is the existence of a more-specific of the IX peering LAN prefix; a less-specific wouldn’t 
matter or inflict damage.

So in the above context AS 0 ROAs can be useful to improve protection of IXP Peering LANs where the IX operator 
doesn’t want the fabric to be globally reachable - and one of the IX participants failed to correctly EBGP in/out 
policies.

Kind regards,

Job
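
The validation outcomes this thread turns on, as an added example that is not part of the original messages: a minimal RFC 6811 route origin validation function showing that an AS 0 ROA makes the covered prefix and its more-specifics invalid while a superprefix stays not-found. The prefixes (documentation ranges), the ASNs (private-use) and the names VRP, validate and SAMPLE_VRPS are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, maxLength, origin AS) tuple."""
    prefix: str
    max_length: int
    asn: int  # 0 means an AS 0 ROA: no AS is authorized to originate


def validate(route_prefix: str, origin_asn: int, vrps: list) -> str:
    """Return 'valid', 'invalid' or 'not-found' following RFC 6811."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers a route only when the route is equal to or more
        # specific than the VRP prefix. A superprefix is never covered.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 can never match an origin, so it can only produce 'invalid'.
        if vrp.asn != 0 and vrp.asn == origin_asn \
                and route.prefixlen <= vrp.max_length:
            return "valid"
    return "invalid" if covered else "not-found"


# Constructed sample data: an AS 0 ROA for a peering LAN and a normal ROA.
SAMPLE_VRPS = [
    VRP("192.0.2.0/24", 24, 0),         # peering LAN, AS 0 ROA
    VRP("198.51.100.0/24", 24, 64501),  # ordinary ROA for AS 64501
]

if __name__ == "__main__":
    for prefix, asn in [
        ("192.0.2.0/25", 64500),     # more-specific of the peering LAN
        ("192.0.2.0/24", 64500),     # the peering LAN prefix itself
        ("192.0.0.0/22", 64500),     # superprefix of the peering LAN
        ("198.51.100.0/24", 64501),  # authorized origin
        ("198.51.100.0/25", 64501),  # longer than maxLength
    ]:
        print(f"{prefix:<18} AS{asn}  {validate(prefix, asn, SAMPLE_VRPS)}")
```

Routers that reject invalids drop the first two announcements, while the /22 passes origin validation untouched and has to be handled by ordinary prefix filters.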

