deploying RPKI based Origin Validation

Job Snijders job at ntt.net
Wed Jul 18 19:47:00 UTC 2018


On Wed, Jul 18, 2018 at 07:30:48PM +0000, Michel Py wrote:
> Not in lieu, but when deploying RPKI is not (yet) possible.  My
> routers are not RPKI capable, upgrading will take years (I'm not going
> to upgrade just because I want RPKI).

Can you elaborate what routers with what software you are using? It
surprises me a bit to find routers anno 2018 which can't do OV in some
shape or form.

> What do I have left : using a subset of RPKI as a blackhole :-(

If you implement 'invalid == blackhole', and cannot do normal OV - it
seems to me that you'll be blackholing the actual victim of a BGP
hijack? That would seem counter-productive.

Kind regards,

Job
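
The contrast drawn in the message above, as an added example that is not part of the original post: RFC 6811 origin validation over constructed data, then the forwarding result under "reject invalid" versus "invalid == blackhole". The prefixes, ASNs, function names and the model of the blackhole policy (the invalid route's prefix installed as a discard route) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and reserved ASNs).
VRPS = [("192.0.2.0/24", 24, 64500)]      # (prefix, maxLength, origin AS)
ROUTES = [("192.0.2.0/24", 64500),        # legitimate announcement
          ("192.0.2.128/25", 64666)]      # hijack: wrong origin, too specific

def validate(prefix, origin, vrps=VRPS):
    """RFC 6811 state of one route: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if net.version == vrp_net.version and net.subnet_of(vrp_net):
            covered = True                 # at least one VRP covers this route
            if net.prefixlen <= max_len and origin == vrp_as:
                return "valid"
    return "invalid" if covered else "not-found"

def build_fib(routes, policy):
    """Return {network: next hop}; next hop is an origin AS or 'discard'."""
    fib = {}
    for prefix, origin in routes:
        net = ipaddress.ip_network(prefix)
        if validate(prefix, origin) != "invalid":
            fib.setdefault(net, origin)
        elif policy == "blackhole":        # assumed model of 'invalid == blackhole'
            fib[net] = "discard"
        # policy == "reject": the invalid route is simply not installed
    return fib

def lookup(fib, address):
    """Longest-prefix match, as the forwarding plane would do."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in fib if addr in n]
    return fib[max(matches, key=lambda n: n.prefixlen)] if matches else None

if __name__ == "__main__":
    for policy in ("reject", "blackhole"):
        fib = build_fib(ROUTES, policy)
        print(policy, "->", lookup(fib, "192.0.2.200"))
```

With "reject", traffic to 192.0.2.200 follows the valid /24 to the legitimate origin; with "blackhole", the same address, which belongs to the hijack victim, is discarded.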


