Vincent Bernat wrote on 2020-04-22 15:26:
❦ April 22, 2020 12:51 -04, Andrey Kostin:
BTW, has anybody yet thought/looked into extending RPKI-RTR protocol for validation of prefixes received from peer-as to make ingress filtering more dynamic and move away prefix filters from the routers?
It could be used as is if the client implementations were a bit more flexible.
With BIRD, you decide which AS to match. So you can match on the neighbor AS instead of the origin AS. Then, you can use something like GoRTR which accepts using JSON files instead of the RPKI as source. BIRD also allows you to have several ROA tables. So, you can check against the "real" RPKI as well as against your custom IRR-based RPKI.
That's what I meant. So I guess IX operators already can use BIRD on route-servers for prefix filtering. I think it could be useful on hw routers as well.

Kind regards,
Andrey
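The approach discussed in this thread, sketched as an added example that is not part of the original messages or of BIRD or GoRTR: IRR-derived per-peer prefix lists are written as ROA-style JSON keyed on the peer AS, then routes are checked against the neighbor AS rather than the origin AS. The `roas`/`prefix`/`maxLength`/`asn` JSON layout is an assumption about what an RTR server accepts, and the prefixes, ASNs and function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: prefixes each peer AS may announce, as an IRR as-set
# expansion might yield (documentation prefixes and documentation ASNs).
IRR_PREFIXES = {
    64500: [("192.0.2.0/24", 24), ("198.51.100.0/24", 24)],
    64501: [("203.0.113.0/24", 24), ("2001:db8::/32", 48)],
}

def build_roa_json(irr):
    """Emit ROA-style records keyed on the peer AS instead of the origin AS."""
    roas = [{"prefix": p, "maxLength": m, "asn": f"AS{asn}"}
            for asn, entries in sorted(irr.items()) for p, m in entries]
    return json.dumps({"roas": roas}, indent=2)

def load_table(doc):
    """Parse the JSON (assumed layout) into (network, max_length, asn) tuples."""
    return [(ipaddress.ip_network(r["prefix"]), r["maxLength"], int(r["asn"][2:]))
            for r in json.loads(doc)["roas"]]

def roa_check(table, prefix, asn):
    """RFC 6811 outcome for (prefix, asn): 'valid', 'invalid' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_net, max_len, roa_asn in table:
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # some record covers this prefix
        if roa_asn == asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def ingress_filter(table, prefix, as_path):
    """Accept only routes whose neighbor AS (first AS in the path) is listed.

    Unlike origin validation against the real RPKI, 'unknown' is rejected
    too, because the table stands in for an allow-list prefix filter.
    """
    return roa_check(table, prefix, as_path[0]) == "valid"

IRR_TABLE = load_table(build_roa_json(IRR_PREFIXES))

if __name__ == "__main__":
    routes = [("192.0.2.0/24", [64500, 64510]),    # listed for this neighbor
              ("203.0.113.0/24", [64500, 64501]),  # listed for another peer
              ("192.0.2.0/25", [64500])]           # longer than maxLength
    for prefix, path in routes:
        print(prefix, path, "accept" if ingress_filter(IRR_TABLE, prefix, path) else "reject")
```
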