deploying RPKI based Origin Validation

Mark Tinka mark.tinka at
Thu Jul 19 05:25:39 UTC 2018

On 18/Jul/18 21:30, Michel Py wrote:

> Not much at all, I was actually trying you do do the RPKI part for me ;-)
> This script you wrote, to produce the list of prefixes that are RPKI invalid AND that do not have any alternative, make it run every x minutes on a fixed url (no date/time in name). I will fetch it, inject it in ExaBGP that feeds my iGP and voila, done.

Just to clarify, Job wrote that script, not me :-).

> Who wants to use it can, not trying to impose it on the entire BGP community.

Which is fine, but I want to be cautious about encouraging a parallel
stream that slows down the deployment of RPKI.

> We probably have to wait until attrition brings us routers that have said code.

We generally use typical service provider routers to deliver services.
So I'm not sure whether the 3900's you run support it or not.


More information about the NANOG mailing list