AT&T/as7018 now drops invalid prefixes from peers

Nick Hilliard nick at foobar.org
Tue Feb 12 15:05:28 UTC 2019


Matthew Walster wrote on 12/02/2019 14:50:
> For initial deployment, this can seem attractive, but remember that one 
> of the benefits an ROA gives is specifying the maximum prefix length. 
> This means that someone can't hijack a /23 with a /24.

They can if they forge the source ASN. RPKI helps against misconfigs
rather than intentional hijackings.

Nick
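
Added example, not part of either poster's message: a minimal RFC 6811 route origin validation check in Python, showing what the ROA maxLength field and the origin ASN comparison each decide. The ROA entries, prefixes (benchmarking address space) and AS numbers (documentation range) are constructed, and the function and variable names are illustrative.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin ASN).
STRICT = [("198.18.0.0/23", 23, 64500)]   # maxLength equals the prefix length
LOOSE = [("198.18.0.0/23", 24, 64500)]    # maxLength also authorizes /24s


def validate(prefix, as_path, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # only the last (origin) ASN is examined
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue              # this ROA does not cover the route
        covered = True
        if route.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid, which is
    # the state a network dropping invalids filters on.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    cases = [
        ("198.18.0.0/23", [64500], STRICT),          # legitimate route
        ("198.18.0.0/24", [64511], STRICT),          # wrong origin, too long
        ("198.18.0.0/24", [64511, 64500], STRICT),   # right origin, too long
        ("198.18.0.0/24", [64511, 64500], LOOSE),    # right origin, length allowed
        ("198.18.0.0/23", [64511, 64500], STRICT),   # right origin, exact length
        ("198.19.0.0/24", [64500], STRICT),          # no covering ROA
    ]
    for prefix, path, roas in cases:
        print(prefix, path, validate(prefix, path, roas))
```

The check reads only the prefix length and the last ASN in the path, so it says nothing about whether the rest of the AS path is genuine.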


