Hi Randy, .-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush wrote:
so i am not sure what your point is. please clarify with a concrete example.
Adjusting a route's degree of preference in the selection algorithm based on its validation state only works if it's exactly the same prefix. Jack already sort of explained what I meant, but here's an example Assume that youtube's prefix had a roa like this Origin ASN: AS36561 Prefixes: 208.65.152.0/22 Now AS17557 start to announce a more specific: 208.65.153.0/24. Validators would classify this as Invalid (2). If we would only use local-prefs, routers would still choose to send it to AS17557 (Pakistan Telecom) as it's a more specific. So in cases where the invalid announcement is a more specific, the only way to prevent 'hijacks' is to actually drop these 'invalid' announcement from day one. I understand this is by design, but I can imagine some operators will be reluctant to actually drop routes when they start testing RPKI deployments in their networks. Cheers, Andree