On Thu, Dec 8, 2022 at 1:45 AM Heasley <heas@shrubbery.net> wrote:
Am 12/7/22 um 22:25 schrieb Don Beal <don@depref.net>:
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
If all ASes participated, no „unknowns“, unknowns could be dropped, ….
yea that might be a tad dangerous today :( and don's right :( unknown is hard today :( (darn you don for being practical! :) ) crud.. but iRR filters! :)
what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts.
It does look like 3356 pulled the announcement, which is good.
On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator@rkhtech.org> wrote:
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
interesting that this is leaking outside supposed RPKI OV boundaries as well. For example: 6762 3356 2914 3356 174 3356 (apologies to 174, I forget if they signed up to the 'doin ov now' plan)