AT&T/as7018 now drops invalid prefixes from peers

Job Snijders job at ntt.net
Mon Feb 11 15:08:25 UTC 2019


Dear Jay, AT&T,

On Mon, Feb 11, 2019 at 09:53:45AM -0500, Jay Borkenhagen wrote:
> The AT&T/as7018 network is now dropping all RPKI-invalid route
> announcements that we receive from our peers.

Thanks for filtering us! :-)

AT&T doing origin validation, combined with the peerlock-style AS_PATH
filters, makes for a pretty strongly protected path between you and
others.

> We continue to accept invalid route announcements from our customers,
> at least for now. We are communicating with our customers whose
> invalid announcements we are propagating, informing them that these
> routes will be accepted by fewer and fewer networks over time.

I think this is a sensible strategy.

> Thanks to those of you who are publishing ROAs in the RPKI.  We would
> also like to encourage other networks to join us in taking this step
> to improve the quality of routing information in the Internet.

Thank you for paving the way!

If you can share more about the experience in terms of load on the
support tiers in your organisation, or questions from peering partners,
that could perhaps be helpful information for others in their
preparations.

Kind regards,

Job


