deploying RPKI based Origin Validation

Mark Tinka mark.tinka at seacom.mu
Tue Jul 17 11:27:09 UTC 2018


On 16/Jul/18 17:26, Job Snijders wrote:

> I calculated this here a few days ago
> http://instituut.net/~job/rpki-report-2018.07.12.txt
>
> Markus Weber from KPN is generating a daily report here and drew similar
> conclusions: https://as286.net/data/ana-invalids.txt Markus scrapes all
> routes from the AS 286 PEs and marks the routes for which no valid or
> unknown alternative exists as "altpfx=NONE".

Thanks. Protein.

So the numbers are not that far off from when I last checked this back
in 2016, i.e., less than 1% of the total IPv4 routing table.

Do you have numbers for IPv6, out of interest?


> Or delete the incorrect RPKI ROA. Either way is fine.

That would work, but the risk with that then is that trying to get those
networks back into RPKI would be more difficult, and if they do, chances
are that the folk that were pushing it would have since left the
company, making our education efforts a lot more difficult.

So I'd be for pushing these folk to ROA the more-specifics, which is
just a click of a button in their RIR's system.


> Perhaps the RIRs should start an outreach program to proactively inform
> the owners of those 2,200 invalid route announcements to get them to
> either fix...

I would be in support of this, and would certainly work very closely
with AFRINIC to fix our side of things.

Happy to also do a co-preso paper with you during EPF in Athens for the
RIPE side of things.

If you'll be in Vancouver, we can do the same for the ARIN side.

I'm at MyNOG next week, and can speak to the folk from APNIC that will
be showing up about this as well.

That leaves LACNIC.

Mark.
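
Added example, not part of the original message or of either report linked in it: RFC 6811 origin validation over a constructed route table, then a check for whether each invalid route has a covering valid or not-found alternative, labelled `altpfx` after the marker quoted above. The ROAs, routes, AS numbers and function names are constructed for illustration, and the covering-route rule is an assumption about how such a report could be computed.

```python
import ipaddress

# Constructed ROAs (prefix, maxLength, origin AS); documentation ranges only.
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/25", 25, 64501),
    ("203.0.113.0/24", 24, 64502),
]
# Constructed BGP table entries (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64500),     # matches its ROA
    ("192.0.2.128/25", 64500),   # more-specific, longer than maxLength
    ("198.51.100.0/24", 64510),  # no ROA covers the /24
    ("198.51.100.0/25", 64510),  # covered by a ROA, wrong origin
    ("203.0.113.0/24", 64511),   # covered by a ROA, wrong origin
]

def covers(outer, inner):
    """True if network `outer` is equal to or less specific than `inner`."""
    return outer.version == inner.version and inner.subnet_of(outer)

def validate(prefix, origin, roas):
    """RFC 6811 validation state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if not covers(ipaddress.ip_network(roa_prefix), net):
            continue
        covered = True
        if net.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    return "invalid" if covered else "not-found"

def invalids_with_alternatives(routes, roas):
    """Map each invalid route to its most specific covering route that is
    valid or not-found, or to 'NONE' when no such alternative exists."""
    nets = {r: ipaddress.ip_network(r[0]) for r in routes}
    usable = [r for r in routes if validate(r[0], r[1], roas) != "invalid"]
    report = {}
    for r in routes:
        if r in usable:
            continue
        alts = [nets[u] for u in usable if covers(nets[u], nets[r])]
        best = max(alts, key=lambda n: n.prefixlen, default=None)
        report[r] = str(best) if best is not None else "NONE"
    return report

if __name__ == "__main__":
    for (prefix, asn), alt in invalids_with_alternatives(ROUTES, ROAS).items():
        print(f"invalid {prefix} AS{asn} altpfx={alt}")
```

The `192.0.2.128/25` entry is the case a ROA for the more-specific would turn valid; the `203.0.113.0/24` entry is the `altpfx=NONE` case.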


