Acceptance of RPKI unknown in ROV
Gaurav Kansal
gaurav.kansal at nic.in
Fri Oct 20 05:20:56 UTC 2023
> On 20-Oct-2023, at 00:35, nanog at nanog.org wrote:
>
> On Thu, 19 Oct 2023 at 11:56, Owen DeLong <owen at delong.com <mailto:owen at delong.com>> wrote:
>>>
>>> On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG <nanog at nanog.org <mailto:nanog at nanog.org>> wrote:
>>>> A question for network operators out there that implement ROV…
>>>>
>>>> Is anyone rejecting RPKI unknown routes at this time?
>>>>
>>>> I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t match the route), but I’m wondering if anyone is currently or has any plans to start rejecting routes which don’t have a matching ROA at all?
>>>
>>>
>>> This would be a bad idea and cause needless fragility in the network without any upsides.
>>
>> I’m not intending to advocate it, I’m asking if anyone is currently doing it.
>
>
> I’m not aware of anyone doing this, and have not heard operators express interest in doing this (probably because it seems such an unpleasant concept).
>
> Somewhat related:
>
> I do know of operators that require a ROA (if it’s non-legacy space) during their customer onboarding process, for example, in BOYIP for DIA cases.
In my region also, ISPs are asking valid ROAs before on-boarding users.
>
> But those operators do not expect the ROA to continually exist after the provisioning has been completed successfully. Making the continued availability of a route dependent on the continued validity of a ROA is where friction starts to form.
>
> Kind regards,
>
> Job
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231020/d4caf2db/attachment.html>
More information about the NANOG
mailing list