CloudFlare issues?

Mark Tinka mark.tinka at seacom.mu
Sun Jul 7 17:15:11 UTC 2019



On 6/Jul/19 22:05, Brett Frankenberger wrote:

> These were more-specifics, though.  So if you drop all the
> more-specifics as failing ROV, then you end up following the valid
> shorter prefix to the destination.

I can't quite recall which Cloudflare prefixes were impacted. If you
have a sniff at https://bgp.he.net/AS13335#_prefixes and
https://bgp.he.net/AS13335#_prefixes6 you will see that Cloudflare have
a larger portion of their IPv6 prefixes ROA'd than the IPv4 ones. If you
remember which Cloudflare prefixes were affected by the Verizon debacle,
we can have a closer look.


>   Quite possibly that points at the
> upstream which sent you the more-specific which you rejected, at which
> point your packets end up going to the same place they would have
> gone if you had accepted the invalid more-specific.

But that's my point... we did not have the chance to drop any of the
affected Cloudflare prefixes because we do not use the ARIN TAL.

That means that we are currently ignoring the RPKI value of Cloudflare's
prefixes that are under ARIN.

Also, AFAICT, none of our current upstreams are doing ROV. You can see
that list here:

    https://bgp.he.net/AS37100#_graph4

Mark.
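
The two points in this exchange (dropping an ROV-invalid more-specific falls back to the covering valid prefix, and a validator that does not load the ARIN TAL never sees the ROA at all), as an added example that is not part of the original message: RFC 6811 origin validation followed by longest-prefix match. The prefixes, ASNs, upstream names and the `ROAS` table are constructed for illustration.

```python
import ipaddress

# Constructed ROAs, keyed by the TAL they are published under:
# (prefix, maxLength, origin ASN). Documentation prefixes and ASNs only.
ROAS = {
    "ARIN": [("198.51.100.0/24", 24, 64496)],
    "RIPE": [("203.0.113.0/24", 24, 64500)],
}
ALL_TALS = ["ARIN", "RIPE"]
NO_ARIN = ["RIPE"]  # validator configured without the ARIN TAL

# Constructed BGP table: (prefix, origin ASN, upstream it was learned from).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496, "upstream-A"),  # legitimate covering route
    ("198.51.100.0/25", 64496, "upstream-B"),  # leaked more-specific
]

def validate(prefix, origin, tals):
    """RFC 6811 state of a route, using only ROAs from the loaded TALs."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for tal in tals:
        for roa_prefix, max_len, asn in ROAS.get(tal, []):
            roa_net = ipaddress.ip_network(roa_prefix)
            if net.version != roa_net.version or not net.subnet_of(roa_net):
                continue
            covered = True  # at least one ROA covers this prefix
            if net.prefixlen <= max_len and origin == asn:
                return "valid"
    return "invalid" if covered else "notfound"

def best_route(dest, announcements, tals):
    """Drop ROV-invalid routes, then pick the longest matching prefix."""
    addr = ipaddress.ip_address(dest)
    usable = []
    for prefix, origin, via in announcements:
        net = ipaddress.ip_network(prefix)
        if addr in net and validate(prefix, origin, tals) != "invalid":
            usable.append((net, via))
    if not usable:
        return None
    net, via = max(usable, key=lambda r: r[0].prefixlen)
    return str(net), via

if __name__ == "__main__":
    for name, tals in (("all TALs", ALL_TALS), ("no ARIN TAL", NO_ARIN)):
        for prefix, origin, _ in ANNOUNCEMENTS:
            print(name, prefix, validate(prefix, origin, tals))
        print(name, "->", best_route("198.51.100.10", ANNOUNCEMENTS, tals))
```

With all TALs loaded the /25 is invalid (it exceeds maxLength) and traffic follows the valid /24; without the ARIN TAL both routes are notfound, so the /25 wins on prefix length.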



