7 Jan
2020
7 Jan
'20
6:25 a.m.
On 7/Jan/20 13:12, Martijn Schmidt wrote:
I don't think Cogent signed ROAs for any of their legacy IP space from which they make sub-allocations to customers.. so for networks doing ROV it should just evaluate to an unknown state, rather than an invalid state.
Indeed... it was just a reminder to anyone at Cogent that looks after BGP security (or any of their customers interested in the same) to keep this in mind. As part of our deployment of dropping Invalids across eBGP sessions with customers in recent weeks, this is one of the issues we've come up against numerous times. We were already against inconsistent AS origination before RPKI; this emphasizes that issue without proper care to the needs of RPKI. Mark.