deploying RPKI based Origin Validation
Mark Tinka
mark.tinka at seacom.mu
Sat Jul 14 04:54:35 UTC 2018
On 13/Jul/18 18:37, Job Snijders wrote:
> That is exactly what I mean. Because of the golden rule "most-specific
> always wins" (and parts of the AS_PATH are pretty easy to spoof) it
> only makes sense to me to completely reject invalid routes.
Exactly my preference, and exactly what we did for 2 years. But in
practice, customers don't really like this, nor does your CFO.
We need mass deployment for this to work effectively, and also a bit
more education for those that sign aggregates but not the more-specifics.
Mark.
More information about the NANOG
mailing list