BGP in the Washington Post

Saku Ytti saku at ytti.fi
Wed Jun 3 07:44:45 UTC 2015


On (2015-06-02 21:51 -0700), Randy Bush wrote:

>     The RPKI is an X.509 based hierarchy [rfc 6481] which is congruent
>     with the internet IP address allocation administration, the IANA,

Hijacking this thread. I requested 'loose rpki' from both our main vendors
years ago; nothing has happened.
An SP trying to deploy RPKI may see negative business impact: if the far end
fat-fingers and fails RPKI, then my connectivity to them is broken, while a
competitor who isn't running RPKI still works fine. Essentially, suits may view
deploying RPKI as spending money to lose money.

A comfortable slow start would be to have 'loose rpki', which essentially has 3
adj-ribs: verified-rpki, missing-rpki, failed-rpki. The loc-rib is then built from
each of these, so that no overlapping routes are installed from inferior ribs.
That is, if verified-rpki has 192.0.2.0/24, missing/failed-rpki cannot install
it or a more-specific of it.

The net result is that we will always use the verified-rpki route if one exists,
but if no other options exist, we're happy to use any available route.

JunOS allows routing-policy to match on verified status, but this obviously
cannot override more-specifics.

-- 
  ++ytti
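
The 'loose rpki' loc-rib construction described in the message above, sketched as an added example that is not part of the original post and not any vendor's implementation. Function names are hypothetical, the prefixes are constructed sample data, and two points are assumptions: the ribs rank verified > missing > failed (the order the post lists them in), and a less-specific from an inferior rib is still admitted because longest-match cannot let it override a better route.

```python
import ipaddress

# Assumption: preference follows the order the post lists the ribs in.
RIB_ORDER = ("verified", "missing", "failed")

# Constructed sample adj-ribs (documentation prefixes only).
SAMPLE_ADJ_RIBS = {
    "verified": ["192.0.2.0/24"],
    "missing": ["198.51.100.0/24", "192.0.2.0/24"],
    "failed": ["192.0.2.128/25", "198.51.100.0/25", "203.0.113.0/24"],
}

def build_loc_rib(adj_ribs):
    """Return {network: rib_name} for every route admitted to the loc-rib.

    A route from an inferior rib is rejected when it equals, or is a
    more-specific of, a route already admitted from a superior rib.
    """
    loc_rib = {}
    for rib in RIB_ORDER:
        superior = list(loc_rib)  # routes admitted from better ribs only
        for prefix in adj_ribs.get(rib, []):
            net = ipaddress.ip_network(prefix)
            covered = any(
                net.version == s.version and net.subnet_of(s) for s in superior
            )
            if not covered:
                loc_rib[net] = rib
    return loc_rib

def lookup(loc_rib, address):
    """Longest-prefix match; returns (network, rib_name) or None."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in loc_rib if n.version == addr.version and addr in n]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return best, loc_rib[best]

if __name__ == "__main__":
    rib = build_loc_rib(SAMPLE_ADJ_RIBS)
    for net, source in sorted(rib.items(), key=lambda kv: int(kv[0].network_address)):
        print(f"{net} installed from {source}-rpki")
    # The failed /25 inside the verified /24 is never installed, so traffic
    # to 192.0.2.200 follows the verified route.
    print(lookup(rib, "192.0.2.200"))
```

The failed-rpki 203.0.113.0/24 is still installed because nothing better covers it, which is the "use any available route" fallback the message asks for.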


