AT&T/as7018 now drops invalid prefixes from peers

Denis Fondras xxnog at ledeuns.net
Tue Feb 12 15:09:36 UTC 2019


On Tue, Feb 12, 2019 at 03:05:28PM +0000, Nick Hilliard wrote:
> Matthew Walster wrote on 12/02/2019 14:50:
> > For initial deployment, this can seem attractive, but remember that one
> > of the benefits an ROA gives is specifying the maximum prefix length.
> > This means that someone can't hijack a /23 with a /24.
> 
> they can if they forge the source ASN.  RPKI helps against misconfigs rather
> than intentional hijackings.
> 

Only if you specify a minlen of /23 and a maxlen of /24 and you only
announce a /23. Which you should not.
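
Added example, not part of the original message or thread: a minimal RFC 6811 route origin validation check showing how the maxLength in a ROA decides whether a more-specific /24 carrying the ROA's origin ASN validates when only the /23 is announced. The prefixes, ASNs and function names are constructed for illustration.

```python
"""Route origin validation (RFC 6811) over constructed ROA data."""
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: prefix, maxLength, authorised origin AS."""
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int

def validate(route: str, origin_asn: int, vrps: list) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        if net.version != vrp.prefix.version or not net.subnet_of(vrp.prefix):
            continue  # this VRP does not cover the route
        covered = True
        if net.prefixlen <= vrp.max_length and origin_asn == vrp.asn:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed sample data: private prefix, documentation ASNs.
HOLDER, OTHER = 64496, 64511
COVERING = ipaddress.ip_network("10.10.0.0/23")
LOOSE = [VRP(COVERING, 24, HOLDER)]   # maxLength /24, only the /23 is announced
STRICT = [VRP(COVERING, 23, HOLDER)]  # maxLength equals the announced length

ANNOUNCEMENTS = [
    ("10.10.0.0/23", HOLDER),  # the holder's real announcement
    ("10.10.1.0/24", HOLDER),  # more-specific whose AS_PATH ends in the holder's ASN
    ("10.10.1.0/24", OTHER),   # more-specific from a different origin
    ("192.0.2.0/24", HOLDER),  # no covering ROA
]

def compare():
    """Validation state of each announcement under both ROAs."""
    return {
        (route, asn): (validate(route, asn, LOOSE), validate(route, asn, STRICT))
        for route, asn in ANNOUNCEMENTS
    }

if __name__ == "__main__":
    for (route, asn), (loose, strict) in compare().items():
        print(f"{route:<15} AS{asn}  maxLength /24: {loose:<10} maxLength /23: {strict}")
```

The validator only sees the origin ASN at the end of the AS_PATH, so the second announcement is "valid" under the loose ROA regardless of who actually sent it, and "invalid" once maxLength matches the announced /23.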


