"Is BGP safe yet?" test

Mark Tinka mark.tinka at seacom.mu
Tue Apr 21 10:01:13 UTC 2020


On 21/Apr/20 08:51, Matt Corallo via NANOG wrote:

> Instead of RIRs coordinating address space use by keeping a public list which is (or should be) checked when a new peering session is added, RPKI shifts RIRs into the hot path of routing updates. Next time the US government decides some bad, bad, very bad country should be cut off from the world with viral sanctions, there’s a new tool available - by simply editing a database, every border router in the world will refuse to talk to $EVIL.

This keeps coming up.

If a ROA disappears, RPKI state reverts to NotFound. Unless dropping
"NotFound" is now BCP, I think we'll be okay.

Mark.



More information about the NANOG mailing list