Reaching out to ARIN members about their RPKI INVALID prefixes
baldur.norddahl at gmail.com
Thu Sep 20 16:56:43 UTC 2018
tor. 20. sep. 2018 02.56 skrev Owen DeLong <owen at delong.com>:
> Again, unless you can trust the data in the IRR to build a complete list
> of valid AS Paths from the ORIGIN, you can’t safely reject a fake route
> that has the correct prepend.
Or you can have each hob validate. For example if HE.net did RPKI
validation, it would be effective due to their large number of peerings. If
my network has HE.net as one of my uplinks, someone might fake the route
via one of my other uplinks, but we would not pick that route due to longer
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG