Note to self… It’s better not to do RPKI than to do it badly. Owen
On Sep 19, 2018, at 09:32 , nusenu <nusenu-lists@riseup.net> wrote:
Hi,
apparently Cloudflare will be enforcing RPKI route origin validation "by the end of the year" [1].
https://blog.cloudflare.com/rpki-details/
If this is actually the case then some prefixes run at risk of loosing the ability to reach Cloudflare.
This is a heads-up so you can check if you would be affected, you can ctrl-f the list of 75 prefixes (ARIN region only) bellow for your prefix or ASN.
(data as of 2018-09-19 14:06 UTC)
https://bgp.he.net/net/168.245.235.0/24 (AS13428) https://bgp.he.net/net/69.28.67.0/24 (AS13768) https://bgp.he.net/net/69.28.82.0/23 (AS13768) https://bgp.he.net/net/68.64.234.0/24 (AS14237) https://bgp.he.net/net/209.24.0.0/24 (AS15562) https://bgp.he.net/net/172.98.214.0/24 (AS17139) https://bgp.he.net/net/66.85.44.0/24 (AS19437) https://bgp.he.net/net/23.139.0.0/24 (AS20860) https://bgp.he.net/net/68.64.227.0/24 (AS262913) https://bgp.he.net/net/192.136.187.0/24 (AS26827) https://bgp.he.net/net/208.76.33.0/24 (AS26938) https://bgp.he.net/net/208.76.39.0/24 (AS26938) https://bgp.he.net/net/68.64.231.0/24 (AS30167) https://bgp.he.net/net/192.133.106.0/24 (AS33060) https://bgp.he.net/net/192.133.107.0/24 (AS33060) https://bgp.he.net/net/192.209.63.0/24 (AS393398) https://bgp.he.net/net/198.28.13.0/24 (AS393451) https://bgp.he.net/net/2606:8e80:3000::/48 (AS394308) https://bgp.he.net/net/2606:8e80:1000::/48 (AS394497) https://bgp.he.net/net/2606:8e80:4000::/48 (AS394497) https://bgp.he.net/net/2606:8e80::/48 (AS394497) https://bgp.he.net/net/2606:8e80:5000::/48 (AS394497) https://bgp.he.net/net/2606:8e80:2000::/48 (AS394644) https://bgp.he.net/net/2606:8e80:4000::/48 (AS394644) https://bgp.he.net/net/104.245.239.0/24 (AS395970) https://bgp.he.net/net/172.98.209.0/24 (AS395970) https://bgp.he.net/net/172.98.210.0/24 (AS395970) https://bgp.he.net/net/172.98.212.0/24 (AS395970) https://bgp.he.net/net/172.98.214.0/24 (AS395970) https://bgp.he.net/net/172.98.215.0/24 (AS395970) https://bgp.he.net/net/172.98.208.0/24 (AS41139) https://bgp.he.net/net/172.98.211.0/24 (AS41139) https://bgp.he.net/net/172.98.213.0/24 (AS41139) https://bgp.he.net/net/168.245.223.0/24 (AS43181) https://bgp.he.net/net/208.84.64.0/24 (AS52129) https://bgp.he.net/net/208.86.200.0/24 (AS52129) https://bgp.he.net/net/199.68.168.0/22 (AS53429) https://bgp.he.net/net/199.68.175.0/24 (AS53429) https://bgp.he.net/net/162.208.108.0/24 (AS55079) https://bgp.he.net/net/162.208.109.0/24 (AS55079) https://bgp.he.net/net/162.208.110.0/24 (AS55079) https://bgp.he.net/net/162.208.111.0/24 (AS55079) https://bgp.he.net/net/198.176.44.0/24 (AS55079) https://bgp.he.net/net/198.176.46.0/24 (AS55079) https://bgp.he.net/net/198.176.47.0/24 (AS55079) https://bgp.he.net/net/2604:a680:2::/48 (AS55079) https://bgp.he.net/net/2604:ab80:2::/48 (AS55079) https://bgp.he.net/net/2604:ab80:5::/48 (AS55079) https://bgp.he.net/net/198.176.45.0/24 (AS55097) https://bgp.he.net/net/2604:a680:4::/48 (AS55097) https://bgp.he.net/net/208.66.204.0/24 (AS6165) https://bgp.he.net/net/208.66.205.0/24 (AS6165) https://bgp.he.net/net/208.66.206.0/24 (AS6165) https://bgp.he.net/net/208.66.207.0/24 (AS6165) https://bgp.he.net/net/74.116.232.0/24 (AS6165) https://bgp.he.net/net/74.116.233.0/24 (AS6165) https://bgp.he.net/net/74.116.234.0/24 (AS6165) https://bgp.he.net/net/74.116.235.0/24 (AS6165) https://bgp.he.net/net/74.116.236.0/24 (AS6165) https://bgp.he.net/net/74.116.237.0/24 (AS6165) https://bgp.he.net/net/74.116.238.0/24 (AS6165) https://bgp.he.net/net/198.24.10.0/24 (AS62541) https://bgp.he.net/net/198.24.11.0/24 (AS62541) https://bgp.he.net/net/104.171.208.0/20 (AS63267) https://bgp.he.net/net/104.171.208.0/24 (AS63267) https://bgp.he.net/net/69.28.64.0/20 (AS6364) https://bgp.he.net/net/69.28.80.0/23 (AS6364) https://bgp.he.net/net/69.28.84.0/23 (AS6364) https://bgp.he.net/net/69.28.86.0/24 (AS6364) https://bgp.he.net/net/69.28.87.0/24 (AS6364) https://bgp.he.net/net/69.28.88.0/23 (AS6364) https://bgp.he.net/net/69.28.88.0/24 (AS6364) https://bgp.he.net/net/69.28.90.0/23 (AS6364) https://bgp.he.net/net/69.28.92.0/22 (AS6364) https://bgp.he.net/net/172.93.121.0/24 (AS8100) https://bgp.he.net/net/66.85.45.0/24 (AS8100) https://bgp.he.net/net/206.53.202.0/24 (AS11492) that is probably supposed to be invalid (DE-CIX Dallas peering LAN? :)
[1] https://twitter.com/Jerome_UZ/status/1042433414371205120
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu