Reaching out to ARIN members about their RPKI INVALID prefixes

• Previous message (by thread): Reaching out to ARIN members about their RPKI INVALID prefixes
• Next message (by thread): Reaching out to ARIN members about their RPKI INVALID prefixes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

tor. 20. sep. 2018 02.56 skrev Owen DeLong <owen at delong.com>:

>
> Again, unless you can trust the data in the IRR to build a complete list
> of valid AS Paths from the ORIGIN, you can’t safely reject a fake route
> that has the correct prepend.
>


Or you can have each hob validate. For example if HE.net did RPKI
validation, it would be effective due to their large number of peerings. If
my network has HE.net as one of my uplinks, someone might fake the route
via one of my other uplinks, but we would not pick that route due to longer
AS path.

Regards

Baldur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180920/faa9ea38/attachment.html>

• Previous message (by thread): Reaching out to ARIN members about their RPKI INVALID prefixes
• Next message (by thread): Reaching out to ARIN members about their RPKI INVALID prefixes
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]