Re: Reaching out to ARIN members about their RPKI INVALID prefixes
Owen, You are correct in that RPKI leaves many problems unsolved. One that it does solve is prefix splitting. If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24 (including mine) will be declared INVALID, because that announcement is covered by the ROA and the mask length is longer than maxlen. Of course, as you rightly point out, if I do NOT announce that prefix myself, then anyone is free to announce it anywhere and have it declared VALID just by prepending my ASN. Regards, Jakob. -----Original Message----- Date: Tue, 18 Sep 2018 14:18:55 -0700 From: Owen DeLong <owen@delong.com> What does RPKI offer other than a way to know what to spoof in a prepend for your forged announcement?
Seems to me that another logical way to work on cleaning-up invalids would be for those that want to perform validation to contact their direct peers with invalids, though even those contacts can become stale there will be some that are still valid and usually involve those intimately interested in routing (peering) problems they might otherwise cause and with the ability to get them fixed. /mark
participants (2)
-
Jakob Heitz (jheitz)
-
Mark Milhollan