Level 3's IRR Database

Randy Bush randy at psg.com
Mon Jan 31 08:35:49 CST 2011

>> when there is no roa for the arriving prefix, a roa for the covering
>> prefix is used.  see draft-pmohapat-sidr-pfx-validate-07.txt.
> Ahh, very good. I think that was the only concern. Presumably that
> would invalidate the route and it would be discarded vs deprefed.

well, i am not sure you want to discard it.  this is where the op has to
make a decision.  in a world of partial deployment and ops and customers
still learning how to deal with this stuff, should it be discarded?  

again from draft-ietf-sidr-rpki-origin-ops-04.txt

   Local policy using relative preference is suggested to manage the
   uncertainty associated with a system in flux, applying local policy
   to eliminate the threat of unroutability of prefixes due to ill-
   advised certification policies and/or incorrect certification data.
   E.g. until the community feels comfortable relying on RPKI data,
   routing on Invalid origin validity, though at a low preference, will
   likely be prevalent for a long time.

but you configure your routers as you think best.


More information about the NANOG mailing list