"Is BGP safe yet?" test
Denys Fedoryshchenko
nuclearcat at nuclearcat.com
Mon Apr 20 18:36:28 UTC 2020
There is simple use case that will prove this page is giving false
positive
for their "name&shame" strategy.
Any AS owner with default route only (yes it happens a lot) users will
get:
"YOUR ISP TERRIBLE, HIS BGP NOT SAFE!".
But he have nothing to validate! His BGP is implemented safely,
its just his upstream is not validating routes.
On 2020-04-20 21:21, Andrey Kostin wrote:
> Mark Tinka писал 2020-04-20 12:57:
>> On 20/Apr/20 18:50, Tom Beecher wrote:
>>
>>
>> I (and Ben, and a few others) are all too familiar with the ARIN
>> madness
>> around their TAL.
>>
>> Simple - we just don't accept it, which means our networks will be
>> unsafe against North American resources. Highly doubtful my
>> organization
>> is that interested in how the ARIN region may or may not impact our
>> interest in deploying RPKI on this side of the planet, when the rest
>> of
>> the world are less mad about it :-).
>
> So this means that there is no single source of truth for PRKI
> implementation all around the world and there are different shades,
> right? As a logical conclusion, the information provided on that page
> may be considered incorrect in terms of proclaiming particular network
> safe or not safe, but when it's claimed (sometimes blatantly) we now
> have to prove to our clients that we are not bad guys.
>
> Kind regards,
> Andrey
More information about the NANOG
mailing list