On 16/01/2019 08:56, Mark Tinka wrote:
> Running a few exchange points in Africa since 2002, the news was that
> the exchange point LAN should not be visible anywhere on the Internet.
Do you use AS0 as origin on the RPKI objects for said exchange point
LAN(s) to prevent route propagation?
Either AS 0, or the ASN of the IXP’s service network are valid options. Whatever ASN is listed in the RPKI ROA, should simply never announce the prefix.
IXPs should make sure to not set MaxLength to allow anything more-l specific, it should be equal to the prefix length.
Kind regards,
Job