Dear Jay, AT&T, On Mon, Feb 11, 2019 at 09:53:45AM -0500, Jay Borkenhagen wrote:
The AT&T/as7018 network is now dropping all RPKI-invalid route announcements that we receive from our peers.
Thanks for filtering us! :-) AT&T doing origin validation combined with the peerlock-style AS_PATH filters this makes for a pretty strongly protected path between you and others.
We continue to accept invalid route announcements from our customers, at least for now. We are communicating with our customers whose invalid announcements we are propagating, informing them that these routes will be accepted by fewer and fewer networks over time.
I think this is a sensible strategy.
Thanks to those of you who are publishing ROAs in the RPKI. We would also like to encourage other networks to join us in taking this step to improve the quality of routing information in the Internet.
Thank you for paving the way! If you can share more about the experience in terms of load on the support tiers in your organisation, or questions from peering partners, that could perhaps be helpful information for others in their preparations. Kind regards, Job