AT&T/as7018 now drops invalid prefixes from peers

• Previous message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Next message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12 Feb 2019, at 01:52, Jay Borkenhagen <jayb at braeburn.org> wrote:

> We got some very good advice watching this video from your most recent
> NLNOG day:
> 
> https://www.youtube.com/watch?v=vrzl__yGqLE
> 
> ... but there is one place where I disagree with Niels.  

You’re of course welcome to do so :-)

> He advised
> against lowering the local-pref of invalid routes.  I agree that this
> should not be anyone's target policy, but it is a useful step along
> the way.  To set invalid routes a lower local-pref, one needs to
> establish RTR sessions from routers to relying party servers, and to
> configure a policy that takes validation state into account.  

I agree that this is a good approach for taking first steps into the RPKI world and I would not discourage a lower local preference as a first stage. As long as we’re on the same page about invalid == reject being the intended end result. 

> In short: C'mon in!  The water's fine! :-)

As a competitive swimmer I couldn’t agree more!
-- 
Niels Raijer
niels at fusix.nl

• Previous message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Next message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]