thanks, will keep in mind.

Also, about ROA expirations is it possible to configure an automatic ROA extension after it's expires ?

On Tue, Oct 26, 2021 at 12:35 AM Job Snijders <job@fastly.com> wrote:
Dear Edvinas,

On Mon, Oct 25, 2021 at 11:49:09PM +0300, Edvinas Kairys wrote:
> We're thinking of enabling BGP ROA, because more and more ISPs are using
> strict RPKI mode.
>
> Does enabling Hosted Mode (where it doesn't requires any additional
> configuration on client end) on RPKI could for some reason could cause a
> traffic loss ?
>
> The only disasterious scenario i could think of, is if we would enable ROA
> with incorrect sub prefixes, maximum prefix length. Am i Right ?

I think you correctly identified most of the potential pitfalls. Another
pitfall might be when a typo in the Origin AS value slips into the RPKI ROA.

For example, I originate 2001:67c:208c::/48 in the DFZ from AS 15562.
Should I'd accidentally modify the covering ROA to only permit AS 15563,
the planet's connectivity towards 2001:67c:208c::/48 would become
spotty.

So... - BEFORE - creating RPKI ROAs, I recommend setting up a BGP/RPKI
monitoring tool. NTT's excellent BGPAlerter might be useful in this
context: https://github.com/nttgin/BGPalerter

Don't deploy things without monitoring! :-)

Kind regards,

Job