How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12, what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts. It does look like 3356 pulled the announcement, which is good. On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)