Analysing traffic in context of rejecting RPKI invalids using pmacct

• Previous message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Next message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jay:

>When we (as7018) were preparing to begin dropping invalid routes
>received from peers earlier this year, that is exactly the kind of
>analysis we did.  In our case we rolled our own with a two-pass
>process: we first found all the traffic to/from invalid routes by a
>bgp community we gave them, then outside of our flow analysis tool we
>further filtered the traffic for invalid routes which were covered by
>less-specific not-invalid routes.  What remained was the traffic we
>would lose once invalid routes were dropped.  Had the pmacct
>capability existed at that time, we would have used it.

We (NIST) did a detailed analysis of Invalid routes (with Routeviews data)
that was presented at IETF 101:
https://datatracker.ietf.org/meeting/101/materials/slides-101-sidrops-origin-validation-policy-considerations-for-dropping-invalid-routes-00
See slides 10-13. We tried to drill down on Invalid routes which were covered by
less-specific not-invalid routes. We examined questions like:
how often does the less-specific route have the same origin AS (OAS) as the Invalid,
and, if not, then how frequently is the OAS of the less specific route
a transit provider of the OAS of the Invalid route?
We plan to update the results periodically.
Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190315/f17881ec/attachment.html>

• Previous message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Next message (by thread): Analysing traffic in context of rejecting RPKI invalids using pmacct
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]