Cloudflare OCTO RPKI Validator - LACNIC CAs issues
Does anybody else have problems with Cloudflare's RPKI Validator with prefixes from LACNIC? Customers were sending us some reports of issues with LACNIC's IPBlocks using Cloudflare RPKI as source of validation. A friend and I did some checks. And looks like that some issue is happening on the Lacnic Trust Anchor, specifically on OctoRPKI. We took the Registro.Br Prefix to do the tests -> 200.160.0.0/20 -> AS22548 -> On Cloudflare https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20 AS22548_200.160.0.0/20 is Unknown at 19:30 20201-04-22 https://pasteboard.co/JYy8fjI.png -> On Ripe https://rpki-validator.ripe.net/bgp-preview AS22548_200.160.0.0/20 is Valid at 19:30 20201-04-22 https://pasteboard.co/JYycsd4.png An interesting thing is that on the graph of ROAs over Timer of the Lacnic Trust Anchor shows a big drop on 20201/04/19. https://rpki.cloudflare.com/?ohlcTa=LACNIC "Volume Removed: 14.761" "ROAs Removed: 13.392" https://pasteboard.co/JYyeSaw.png Any idea of possible causes? Any suggestions on how to solve it? -- Douglas Fernando Fischer Engº de Controle e Automação
Hi Douglas, Not sure about dip in their rpki monitoring page for lacnic, but I could see the VRP here https://rpki.cloudflare.com/rpki.json The daily snapshot taken at 23:47 22-04-2021 using rpki.cloudflare.com shows the prefix. cloudflare# grep 200.160.0.0 2021-04-22-2347-UTC + 200.160.0.0 20 - 24 22548 rtrclient tcp -k -p rtr.rpki.cloudflare.com 8282 Regards, Aftab A. Siddiqui On Fri, 23 Apr 2021 at 05:50, Douglas Fischer <fischerdouglas@gmail.com> wrote:
Does anybody else have problems with Cloudflare's RPKI Validator with prefixes from LACNIC?
Customers were sending us some reports of issues with LACNIC's IPBlocks using Cloudflare RPKI as source of validation.
A friend and I did some checks. And looks like that some issue is happening on the Lacnic Trust Anchor, specifically on OctoRPKI. We took the Registro.Br Prefix to do the tests -> 200.160.0.0/20 -> AS22548
-> On Cloudflare
https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20 AS22548_200.160.0.0/20 is Unknown at 19:30 20201-04-22 https://pasteboard.co/JYy8fjI.png
-> On Ripe https://rpki-validator.ripe.net/bgp-preview AS22548_200.160.0.0/20 is Valid at 19:30 20201-04-22 https://pasteboard.co/JYycsd4.png
An interesting thing is that on the graph of ROAs over Timer of the Lacnic Trust Anchor shows a big drop on 20201/04/19. https://rpki.cloudflare.com/?ohlcTa=LACNIC "Volume Removed: 14.761" "ROAs Removed: 13.392" https://pasteboard.co/JYyeSaw.png
Any idea of possible causes? Any suggestions on how to solve it?
-- Douglas Fernando Fischer Engº de Controle e Automação
Something was done to correct this... https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20 The result that I checked yesterday (2021/04/22) was saying Unknow. https://pasteboard.co/JYy8fjI.png Today(2021-04-23) the result is saying Valid. https://pasteboard.co/JYExkjY.png In the next image/link we can see a huge grow on the graph of LACNIC TrustAnchor at CloudFlare Validator. https://rpki.cloudflare.com/?ohlcTa=LACNIC https://pasteboard.co/JYEBE8o.png I Would like to know if what corrected this was done on LACNIC side, or OCTORPKI side. Em qui., 22 de abr. de 2021 às 16:47, Douglas Fischer < fischerdouglas@gmail.com> escreveu:
Does anybody else have problems with Cloudflare's RPKI Validator with prefixes from LACNIC?
Customers were sending us some reports of issues with LACNIC's IPBlocks using Cloudflare RPKI as source of validation.
A friend and I did some checks. And looks like that some issue is happening on the Lacnic Trust Anchor, specifically on OctoRPKI. We took the Registro.Br Prefix to do the tests -> 200.160.0.0/20 -> AS22548
-> On Cloudflare
https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20 AS22548_200.160.0.0/20 is Unknown at 19:30 20201-04-22 https://pasteboard.co/JYy8fjI.png
-> On Ripe https://rpki-validator.ripe.net/bgp-preview AS22548_200.160.0.0/20 is Valid at 19:30 20201-04-22 https://pasteboard.co/JYycsd4.png
An interesting thing is that on the graph of ROAs over Timer of the Lacnic Trust Anchor shows a big drop on 20201/04/19. https://rpki.cloudflare.com/?ohlcTa=LACNIC "Volume Removed: 14.761" "ROAs Removed: 13.392" https://pasteboard.co/JYyeSaw.png
Any idea of possible causes? Any suggestions on how to solve it?
-- Douglas Fernando Fischer Engº de Controle e Automação
-- Douglas Fernando Fischer Engº de Controle e Automação
participants (2)
-
Aftab Siddiqui -
Douglas Fischer