SOLVED (was Re: request for help: 192.139.135.0/24)

Job Snijders job at ntt.net
Wed Apr 3 15:22:33 UTC 2019


Hi all,

On Wed, Apr 03, 2019 at 10:59:18AM -0400, Jay Borkenhagen wrote:
> I urge folks facing similar problems to publish RPKI ROAs for their IP
> resources. [snip] the verifiable statements in RPKI ROAs can be
> attributed to you as the actual resource holder, thus helping folks
> base their response actions on your intent.
> 
> If you are not facing similar problems today, you could be tomorrow:
> so publish your ROAs now!

Jay is touching upon a very important aspect here: without the RPKI ROA
it would've taken NTT significantly more effort to decide whether
removal of the erroneous IRR route object would've been appropriate or
not. We consider RPKI ROAs a higher source of truth, so drawing
conclusions when faced with unvalidated IRR data is a breeze.

RPKI ROAs can be instrumental in resolving issues of administrative
nature. Keep in mind that ROAs are not just for BGP Origin Validation
but serve other useful purposes too. Publish your ROAs today!

Kind regards,

Job

ps. Usual caveats apply to IP resources managed through ARIN; the ARIN
TAL is not as well distributed as RPKI TALs from other RIRs; this
essentially has lead to a degradation of the quality of ARIN's RPKI
service. This policy proposal may help address operational issues:
https://www.arin.net/participate/policy/drafts/2019_4/



More information about the NANOG mailing list