Level 3's IRR Database

Carlos M. Martinez carlosm3011 at gmail.com
Sun Jan 30 15:06:05 CST 2011


I think we just don't know (yet) how people are going to apply RPKI. If
I were operating a large network today, I would try to run RPKI in a
sort of warning-only mode, i.e. getting some sort of alert if an invalid
route was detected.

While this wouldn't have prevented YouTube's incident, it would probably
have shortened the recovery period.

I think it is too early in the deployment process to start dropping
routes based on RPKI alone. We'll get there at some point, I guess.

cheers

Carlos

On 1/30/11 6:47 PM, Nick Hilliard wrote:
> On 30/01/2011 17:39, Carlos Martinez-Cagnazzo wrote:
>> The solution to this problem (theoretical at least) already exist in
>> the form of RPKI.
>
> So, what are peoples' routing policies on RPKI going to be?  Are
> people going to drop prefixes with no RPKI record?  Or drop prefixes
> with an incorrect RPKI record?  Or drop prefixes with a revoked status?
>
> I'm concerned that if we're trying to avoid another Youtube affair,
> the RPKI policy acceptability criteria will have to be so strict that
> this may have a serious effect on overall reachability via the internet.
>
> Nick




More information about the NANOG mailing list