[proj-bgp] adding graphs for actually unreachable RPKI INVALID prefixes to RPKI Monitor?
Sriram, Kotikalapudi (Fed)
kotikalapudi.sriram at nist.gov
Tue Sep 18 00:44:54 UTC 2018
I also found your analysis very interesting and useful. Thanks for that.
>What do you think about adding graphs that show the amount of actually
>unreachable prefixes and IP space? (prefix where no alternative valid/unknown announcement exists)
I am also part of the NIST BGP team.
Doug has already responded with information that we will soon have a new version of the NIST Monitor
which will provide the kind of graphs that you requested.
As an additional piece of info, I had given a presentation at IETF 101
in which you may find the data in slides 10-13 interesting:
It is a snapshot -- takes update data from Routeviews and validates routes using ROAs (see slides 10-13).
Then it drills down on Invalid routes to see how many are covered by Valid (V) or NotFound (NF) less specific routes.
Then further drills down to see if the origin AS (OAS) in the V/NF less specific route is the same or different
compared to the OAS in the Invalid route. In many cases, the answer is yes - same OAS.
We also found that when the answer was 'different OAS', then interestingly, in many instances the OAS in
the V/NF less specific route was the transit provider of the OAS in the Invalid route!
We (together with Job) have a draft in the IETF SIDROPS WG that specifies the details of
DISR (Drop Invalid if Still Routable) policy:
DISR policy is basically what we are discussing here: Drop Invalid if a Valid or NotFound less specific route exists.
When one designs implementable policy based on this, some nuances are important to consider.
The draft and the slides attempt to do that.
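The drill-down described in this message (validate each route against ROAs, then check each Invalid route for a Valid or NotFound less specific route and compare origin ASes), as an added example that is not part of the original message and not the NIST tooling. The ROAs and routes are constructed from documentation prefixes and private-use ASNs, and the function names and result labels are assumptions; only strictly less specific covering routes are considered, as in the message.

```python
import ipaddress

# Constructed sample data (documentation prefixes, private-use ASNs); not real ROAs or routes.
ROAS = [  # (prefix, maxLength, origin AS)
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8:1::/48", 48, 64501),
    ("203.0.113.0/24", 24, 64502),
]
ROUTES = [  # (prefix, origin AS) as seen in one table snapshot
    ("192.0.2.0/24", 64500),
    ("192.0.2.128/25", 64500),
    ("2001:db8::/32", 64510),
    ("2001:db8:1::/48", 64511),
    ("203.0.113.0/24", 64511),
]

def covers(outer, inner):
    """True if `outer` equals or is less specific than `inner` (same address family)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def validate(prefix, origin, roas):
    """RFC 6811 route origin validation: Valid, Invalid or NotFound."""
    net = ipaddress.ip_network(prefix)
    covering = [(m, a) for p, m, a in roas if covers(ipaddress.ip_network(p), net)]
    if not covering:
        return "NotFound"
    if any(a == origin and net.prefixlen <= m for m, a in covering):
        return "Valid"
    return "Invalid"

def classify_invalids(routes, roas):
    """Label each Invalid route by what would still carry its traffic if it were dropped."""
    state = {(p, a): validate(p, a, roas) for p, a in routes}
    out = {}
    for (p, a), s in state.items():
        if s != "Invalid":
            continue
        net = ipaddress.ip_network(p)
        # Strictly less specific Valid/NotFound routes that cover this Invalid route.
        cover_oas = [b for (q, b), t in state.items() if t != "Invalid"
                     and ipaddress.ip_network(q).prefixlen < net.prefixlen
                     and covers(ipaddress.ip_network(q), net)]
        if not cover_oas:
            out[(p, a)] = "no-covering-route"
        elif a in cover_oas:
            out[(p, a)] = "covered-same-OAS"
        else:
            out[(p, a)] = "covered-different-OAS"
    return out
```

Calling `classify_invalids(ROUTES, ROAS)` returns one label per Invalid route; the `no-covering-route` entries are the ones that would become unreachable if every Invalid route were dropped.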