AT&T/as7018 now drops invalid prefixes from peers
Nick Hilliard
nick at foobar.org
Tue Feb 12 15:05:28 UTC 2019
Matthew Walster wrote on 12/02/2019 14:50:
> For initial deployment, this can seem attractive, but remember that one
> of the benefits an ROA gives is specifying the maximum prefix length.
> This means that someone can't hijack a /23 with a /24.
they can if they forge the source ASN. RPKI helps against misconfigs
rather than intentional hijackings.
Nick
More information about the NANOG
mailing list