Illegal usage of AS51888 (and PI 91.220.85.0/24) from AS42989 and AS57954 (in ukraine)

Christopher Morrow morrowc.lists at gmail.com
Fri May 3 21:42:08 UTC 2013


On Fri, May 3, 2013 at 2:21 PM, Nick Hilliard <nick at foobar.org> wrote:

> On 03/05/2013 19:08, Christopher Morrow wrote:
> > hopefully it won't involve people being brave :) hopefully good measurement
> > and metrics lead us to a position where things 'just work' and we can do it
> > with confidence! :)
>
> dropping prefixes means that you're ok about not having reachability to a
> prefix if its roa pops up as "unknown".  This could be because the prefix
> holder hasn't bothered to register their prefix in the rpki (i.e.
> sloppiness), or it could be because the ROA has been revoked for some
> reason (e.g. because of hijacking).  For sure, a router can't tell the
> difference.
>
>
right, in the ideal tomorrow-tomorrow-land ... this all is part of turnup
and the timelines associated with propagation/etc are all known and
accounted for. Additionally, the systems involved are all well understood
and redundant/resilient/etc.

in short, in the tomorrow-tomorrow-land... this all just works as we
expect/want, and the only 'unknown' are actually 'invalid'.


> From a deployment point of view, there's a pretty big gap between poking
> around with rpki and actually dropping prefixes on your routers.  I don't
> see that the rpki data will be good enough for the latter any time soon,
> but maybe one day.
>
>
right, no problem with this.



> Nick
>
>
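
The validation states discussed in this thread, as an added example that is not part of the original messages: a minimal RFC 6811-style origin check over constructed VRPs (documentation prefixes and AS numbers), showing that a prefix whose ROA was withdrawn lands in the same "unknown" state as one that was never registered. The function names and the `drop_unknown` policy switch are illustrative assumptions.

```python
import ipaddress

# Constructed sample VRPs (prefix, max length, origin AS); not real RPKI data.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
]

def validate(prefix, origin_as, vrps):
    """Return 'valid', 'invalid' or 'unknown' (RFC 6811 calls it NotFound)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        net = ipaddress.ip_network(vrp_prefix)
        if route.version != net.version or not route.subnet_of(net):
            continue  # this VRP does not cover the announced prefix
        covered = True
        # A match needs the same origin AS and a length within maxLength;
        # AS 0 in a VRP never matches any route.
        if vrp_as == origin_as and vrp_as != 0 and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched is invalid; no covering VRP at all is unknown.
    return "invalid" if covered else "unknown"

def withdraw(vrps, prefix):
    """Hypothetical helper: the VRP set after the ROA for `prefix` is gone."""
    return [v for v in vrps if v[0] != prefix]

def accepted(state, drop_unknown):
    """Import policy: always drop invalid; optionally drop unknown too."""
    return state == "valid" or (state == "unknown" and not drop_unknown)

if __name__ == "__main__":
    after = withdraw(VRPS, "192.0.2.0/24")
    cases = [
        ("registered, right origin", "192.0.2.0/24", 64500, VRPS),
        ("registered, wrong origin", "192.0.2.0/24", 64511, VRPS),
        ("more specific than maxLength", "192.0.2.0/25", 64500, VRPS),
        ("never registered", "198.51.100.0/24", 64502, VRPS),
        ("ROA withdrawn, right origin", "192.0.2.0/24", 64500, after),
        ("ROA withdrawn, wrong origin", "192.0.2.0/24", 64511, after),
    ]
    for label, prefix, asn, vrps in cases:
        state = validate(prefix, asn, vrps)
        print(f"{label:30} {state:8} strict={accepted(state, True)} "
              f"lenient={accepted(state, False)}")
```

With the ROA withdrawn, both the legitimate and the wrong origin come back "unknown", so a policy that drops unknowns loses reachability to the prefix and one that accepts them also accepts the wrong origin.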


