deploying RPKI based Origin Validation

Mark Tinka mark.tinka at seacom.mu
Sat Jul 14 04:51:53 UTC 2018



On 13/Jul/18 18:25, Christopher Morrow wrote:

> it sounded like Mark didn't want to deal with that complexity in his
> network, until more deployment and more requests from customers like;
>   Customer: "Hey, why did my traffic get hijacked to paY(omlut)pal.com
> yesterday?"
>   Mark: "because you didn't ask for 'super-sekure-customer config? sorry?"
>
> I could have misunderstood either Mark or Job or you.. of course.

I didn't want to pass on Invalid routes at all, to ensure that the
source operator of that route correctly signs it in the RPKI. However,
one can't make the horse drink.

Using LOCAL_PREF to determine the preference between Valid, Unknown and
Invalid routes is just pussy-footing around the feature, if I'm being
honest.

What's the saying... "Go big, or go home" :-).

Mark.
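
An added example, not part of the original message: a small Python model of the two import policies discussed above, rejecting Invalid routes versus only lowering their LOCAL_PREF. The ROA, prefixes, AS numbers and LOCAL_PREF values are constructed sample data (documentation prefixes, private-use ASNs); validation follows RFC 6811.

```python
import ipaddress

# Constructed sample data: documentation prefixes and private-use ASNs.
ROAS = [("192.0.2.0/24", 24, 64500)]          # (prefix, maxLength, origin AS)
ROUTES = [("192.0.2.0/24", 64500),            # legitimate announcement
          ("192.0.2.128/25", 64666)]          # more-specific from another AS

def validate(prefix, origin, roas=ROAS):
    """RFC 6811 origin validation state for one route."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if net.prefixlen <= max_len and origin == roa_as:
                return "valid"
    return "invalid" if covered else "unknown"

# Assumed preference values for the tagging-only policy.
LOCAL_PREF = {"valid": 200, "unknown": 100, "invalid": 50}

def build_rib(routes, drop_invalid):
    """Import policy: either reject Invalids or only lower their LOCAL_PREF."""
    rib = {}
    for prefix, origin in routes:
        state = validate(prefix, origin)
        if drop_invalid and state == "invalid":
            continue
        candidate = (LOCAL_PREF[state], origin, state)
        # LOCAL_PREF only breaks ties between paths to the SAME prefix.
        if prefix not in rib or candidate[0] > rib[prefix][0]:
            rib[prefix] = candidate
    return rib

def forward(rib, dest):
    """Longest-prefix match; returns (origin AS, validation state)."""
    addr = ipaddress.ip_address(dest)
    matches = [ipaddress.ip_network(p) for p in rib if addr in ipaddress.ip_network(p)]
    best = max(matches, key=lambda n: n.prefixlen)
    _, origin, state = rib[str(best)]
    return origin, state

if __name__ == "__main__":
    for drop in (False, True):
        print("drop_invalid =", drop, "->", forward(build_rib(ROUTES, drop), "192.0.2.200"))
```

With LOCAL_PREF tagging only, the Invalid /25 is still installed and wins on longest-prefix match, because LOCAL_PREF is never compared across different prefixes; rejecting Invalids leaves only the Valid /24.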


