AT&T/as7018 now drops invalid prefixes from peers

• Previous message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Next message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

valdis.kletnieks at vt.edu writes:
 > On Mon, 11 Feb 2019 09:53:45 -0500, Jay Borkenhagen said:
 > > The AT&T/as7018 network is now dropping all RPKI-invalid route
 > > announcements that we receive from our peers.  
 > 
 > Congrats!

Thanks!

 > Are you able to comment on what amount of routes are getting dropped?

In round numbers, we dropped about 5000 invalid prefixes total between
ipv4 and ipv6.  Roughly half of those prefixes were covered by
less-specific non-invalid routes, so connectivity should not have been
affected for those prefixes (assuming an announcement yields
reachability to all destinations within it).  Flow analysis was
showing just a couple Gbps of traffic to all invalid routes all across
the country, and much less than that with those invalids having no
covering less-specifics.

						Jay B.

• Previous message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Next message (by thread): AT&T/as7018 now drops invalid prefixes from peers
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]