RPKI unknown for superprefixes of existing ROA ?

• Previous message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Next message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, but we weren’t talking about an IXP here.

We’re talking about an ISP.

Believe it or not, Job, there are parts of the internet that exchange traffic and move packets that are not IXPs.

Owen


> On Oct 22, 2023, at 11:48, Job Snijders via NANOG <nanog at nanog.org> wrote:
> 
> On Sun, 22 Oct 2023 at 20:33, Tom Beecher <beecher at beecher.cc <mailto:beecher at beecher.cc>> wrote:
>>> Basically, I guess, it means that the AS 0 solution shouldn't be used, at least not usually.
>> 
>> It's like everything else. Understand what the tools do and what they don't do, and use them appropriately. 
> 
> 
> A primary risk for an IXP is the existence of a more-specific of the IX peering LAN prefix, a less-specific wouldn’t matter or inflict damage.
> 
> So in the above context an AS 0 ROAs can be useful to improve protection of IXP Peering LANs where the IX operator doesn’t want the fabric to be globally reachable - and one of the IX participants failed to correctly EBGP in/out policies.
> 
> Kind regards,
> 
> Job

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231024/b32d2359/attachment.html>

• Previous message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Next message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]