Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)

• Previous message (by thread): Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)
• Next message (by thread): Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 03/05/2013 19:08, Christopher Morrow wrote:
> hopefully it won't involve people being brave :) hopefully good measurement
> and metrics lead us to a position where things 'just work' and we can do it
> with confidence! :)

dropping prefixes means that you're ok about not having reachability to a
prefix if its roa pops up as "unknown".  This could be because the prefix
holder hasn't bothered to register their prefix in the rpki (i.e.
sloppiness), or it could be because the ROA has been revoked for some
reason (e.g. because of hijacking).  For sure, a router can't tell the
difference.

>From a deployment point of view, there's a pretty big gap between poking
around with rpki and actually dropping prefixes on your routers.  I don't
see that the rpki data will be good enough for the latter any time soon,
but maybe one day.

Nick

• Previous message (by thread): Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)
• Next message (by thread): Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]