valdis.kletnieks@vt.edu writes:
On Mon, 11 Feb 2019 09:53:45 -0500, Jay Borkenhagen said:
The AT&T/as7018 network is now dropping all RPKI-invalid route announcements that we receive from our peers.
Congrats!
Thanks!
Are you able to comment on what amount of routes are getting dropped?
In round numbers, we dropped about 5000 invalid prefixes total between ipv4 and ipv6. Roughly half of those prefixes were covered by less-specific non-invalid routes, so connectivity should not have been affected for those prefixes (assuming an announcement yields reachability to all destinations within it). Flow analysis was showing just a couple Gbps of traffic to all invalid routes all across the country, and much less than that with those invalids having no covering less-specifics. Jay B.