Starting to Drop Invalids for Customers
Randy Bush
randy at psg.com
Mon Dec 16 21:49:19 UTC 2019
[ found in old emacs buffer. might have already been sent ]
>> Invalid according to RPKI or IRR? Or both?
>
> In this context the use of the word “invalid” refers to the result of
> validation procedure described in RFC 6811 - which is to match received BGP
> updates to the RPKI and attach either of “valid”, “invalid”, or “not-found”.
>
> In IRR, the challenge has always been that “route:” objects describe a
> state of the network that may exist, but the semantics of “route:” objects
> don’t allow extrapolation towards what should definitely *not* exist in the
> BGP Default-Free Zone.
>
> RPKI ROAs (compared to IRR objects) carry different meaning: the existence
> of a ROA (both by definition and common implementation) supersedes other
> data sources (IRR, LOAs, or comments in whois records, etc), and as such
> can be used on any type of EBGP session for validation of the received
> Internet routing information.

do not disagree with your pedantry. but ...

as i am pretty sure arturo knows all that. i suspect he was wondering
if mark is gonna throw irr data in the mix the way chris says google
will (or does?). and if so, how? seems a useful question.

irr acls scale poorly in routers. but mark said customer-facing, which
could be reasonable depending on the platform. e.g. ntt uses irr-based
acls toward customers.

but i am cheered if mark is dropping rpki-based origin validation
invalids. it's a big step.

randy
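
The RFC 6811 procedure the quoted reply describes, and the "drop invalids" policy discussed in the thread, as an added Python example that is not part of the original message. The VRPs are constructed from documentation prefixes and ASNs, and the names `VRP`, `validate` and `accept` are hypothetical.

```python
# Added illustration of RFC 6811 route origin validation; all data is constructed.
import ipaddress
from typing import NamedTuple, Optional


class VRP(NamedTuple):
    """Validated ROA Payload: (prefix, maxLength, origin ASN)."""
    prefix: str
    max_length: int
    asn: int


# Constructed VRPs (documentation prefixes and ASNs, not real ROAs).
VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("2001:db8::/32", 48, 64501),
    VRP("203.0.113.0/24", 24, 0),  # AS0 ROA: the prefix should not be routed
]


def validate(route_prefix: str, origin_as: Optional[int], vrps=VRPS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one received route.

    origin_as is None when the AS_PATH ends in an AS_SET (origin "NONE").
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route equals or is more specific than it.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match needs the same origin AS (never AS0) and length <= maxLength.
        if (origin_as is not None and vrp.asn != 0 and vrp.asn == origin_as
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered but unmatched is invalid; no covering VRP at all is not-found.
    return "invalid" if covered else "not-found"


def accept(route_prefix: str, origin_as: Optional[int], vrps=VRPS) -> bool:
    """Policy from the thread: drop invalids, keep valid and not-found."""
    return validate(route_prefix, origin_as, vrps) != "invalid"
```

A route with no covering VRP stays "not-found" and is accepted, which is the state most prefixes without ROAs are in; only a covering VRP can make a route invalid.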