Level 3's IRR Database
Carlos M. Martinez
carlosm3011 at gmail.com
Sun Jan 30 15:06:05 CST 2011
I think we just don't know (yet) how people are going to apply RPKI. If
I were operating a large network today, I would try to run RPKI in a
sort of warning-only mode, i.e. getting some sort of alert if an invalid
route was detected.
While this wouldn't have prevented YouTube's incident, it would probably
have shortened the recovery period.
I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.
On 1/30/11 6:47 PM, Nick Hilliard wrote:
> On 30/01/2011 17:39, Carlos Martinez-Cagnazzo wrote:
>> The solution to this problem (theoretical at least) already exist in
>> the form of RPKI.
> So, what are peoples' routing policies on RPKI going to be? Are
> people going to drop prefixes with no RPKI record? Or drop prefixes
> with an incorrect RPKI record? Or drop prefixes with a revoked status?
> I'm concerned that if we're trying to avoid another Youtube affair,
> the RPKI policy acceptability criteria will have to be so strict that
> this may have a serious effect on overall reachability via the internet.
More information about the NANOG