Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)

Nick Hilliard nick at foobar.org
Fri May 3 18:21:04 UTC 2013


On 03/05/2013 19:08, Christopher Morrow wrote:
> hopefully it won't involve people being brave :) hopefully good measurement
> and metrics lead us to a position where things 'just work' and we can do it
> with confidence! :)

dropping prefixes means that you're ok about not having reachability to a
prefix if its roa pops up as "unknown".  This could be because the prefix
holder hasn't bothered to register their prefix in the rpki (i.e.
sloppiness), or it could be because the ROA has been revoked for some
reason (e.g. because of hijacking).  For sure, a router can't tell the
difference.

>From a deployment point of view, there's a pretty big gap between poking
around with rpki and actually dropping prefixes on your routers.  I don't
see that the rpki data will be good enough for the latter any time soon,
but maybe one day.

Nick




More information about the NANOG mailing list