CloudFlare issues?

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Mark,

Following that Verizon debacle I got onboard with ROV, after a couple research I stopped my choice on the ....drum roll.... CloudFlare GoRTR (https://github.com/cloudflare/gortr).  If you trust them enough they provide an updated JSON every 15 minutes of the global RIR aggregate.  I'll see down the road if we'll fetch them ourselves but at least it got us up and running in less than an hour.  It was also easy for us to deploy as the routers and the servers are on the same PoP directly connected, so we don't need the whole encryption recipe they provide for mass distribution.

But I also have a question for all the ROA folks out there.  So far we are not taking any action other than lowering the local-pref - we want to make sure this is stable before we start denying prefixes.  So the question, is it safe as of this date to : 1.Accept valid, 2. Accept unknown, 3. Reject invalid?  Have any large network who implemented it dealt with unreachable destinations?  I'm wondering as I haven't found any blog mentioning anything in this regard and ClouFlare docs only shows example for valid and invalid, but nothing for unknown.

My assumption is that 1.Accept valid, 2. Accept unknown, 3. Reject invalid shouldn't break anything.

Thanks,

-Francois
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately. Ce courrier ?lectronique est confidentiel et prot?g?. L'exp?diteur ne renonce pas aux droits et obligations qui s'y rapportent. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le (les) destinataire(s) d?sign?(s) est interdite. Si vous recevez ce courrier ?lectronique par erreur, veuillez m'en aviser imm?diatement, par retour de courrier ?lectronique ou par un autre moyen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190704/4fd594da/attachment.html>

• Previous message (by thread): CloudFlare issues?
• Next message (by thread): CloudFlare issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]