Analysing traffic in context of rejecting RPKI invalids using pmacct

• Previous message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Next message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 12, 2019 at 9:26 AM Jay Borkenhagen <jayb at att.com> wrote:

>
>
> Thanks for the update, but based on that description I'm not certain
> that you implemented the same thing that pmacct built, which IMO is
> what is needed by those considering deploying a drop-invalids policy.
> (Perhaps you omitted mentioning that ability in your description but
> included it in your implementation.)
>
>
Thanks Jay, you are correct. As we were talking through the logic we
realized we missed that bit. Internally, we're working though the logic to
understand if there is a covering route, is that route valid, and if not,
will we recurse and look for another covering route that is valid?

Either way, we'll be updating our software with that functionality shortly.

-Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190313/f7d97820/attachment.html>

• Previous message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Next message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]