On 1/31/2011 8:35 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt. Ahh, very good. I think that was the only concern. Presumably that would invalidate the route and it would be discarded vs deprefed.
well, i am not sure you want to discard it. this is where the op has to make a decision. in a world of partial deployment and ops and customers still learning how to deal with this stuff, should it be discarded?
I agree and definitely understand the turnup viewpoint. However, RPKI is useless if we don't discard invalid routes which are more specific than valid covering routes. local pref doesn't override prefix length decisions. Hijacks will continue to occur unless we issue discards... at some point. Jack