On 31/Jul/20 16:01, Baldur Norddahl wrote:
How do you know that none of the prefixes had ROA? The ones that had got stopped by Telias filter, so we would never know.
Like I said, "if". If they did, then they were protected. If they didn't, well...
This is exactly the situation where RPKI already works. My and yours prefixes, provided you like me have ROAs, will not be leaked through Telia and a number of other large transits. Even if they did not have proper filters in place.
I don't have to like you, but I will always honour your ROA :-). That is my point, though - this works if ROA's are present. We know this to not be the case - so having proper filters in place is not optional. Not at least until we have 100% diffusion of ROA's + ROV. And even then, we probably still want some kind of safety net.
Driving without RPKI / ROA is like driving without a seatbelt. You are fine until the day someone makes a mistake and then you wish you did your job at signing those prefixes sooner.
Don't disagree with you there. Mark.