deploying RPKI based Origin Validation

• Previous message (by thread): deploying RPKI based Origin Validation
• Next message (by thread): deploying RPKI based Origin Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 19/Jul/18 01:21, Job Snijders wrote:

> @ all - It would be good if operators ask their vendors if they can get
> behind this I-D https://tools.ietf.org/html/draft-ietf-sidrops-ov-clarify

I'm actually glad to see this (Randy, you've abandoned me, hehe).

We actually hit and troubleshot both these issues together with Randy
and a bunch of many good folk in the operator and vendor community back
in 2016/2017, where we discovered that Cisco were marking all iBGP
routes as Valid by default, and automatically applying RPKI policy on
routes without actual operator input.

The latter issue was actually officially documented as part of how the
implementation works over at Cisco-land, but the former was a direct
violation of the RFC.

These issues were eventually fixed later in 2017, but glad to see that
there is an I-D that proposes this more firmly!

Thanks, Randy!

Mark.

• Previous message (by thread): deploying RPKI based Origin Validation
• Next message (by thread): deploying RPKI based Origin Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]