"Is BGP safe yet?" test

Vincent Bernat bernat at luffy.cx
Wed Apr 22 19:26:10 UTC 2020


 ❦ 22 April 2020 12:51 -04, Andrey Kostin:

> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
> for validation of prefixes received from peer-as to make ingress
> filtering more dynamic and move away prefix filters from the routers?

It could be used as is if the client implementations were a bit more
flexible.

With BIRD, you decide which AS to match. So you can match on the
neighbor AS instead of the origin AS. Then, you can use something like
GoRTR which accepts using JSON files instead of the RPKI as source. BIRD
also allows you to have several ROA tables. So, you can check against
the "real" RPKI as well as against your custom IRR-based RPKI.
-- 
Choose variable names that won't be confused.
            - The Elements of Programming Style (Kernighan & Plauger)
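
Added example, not part of the original message and not BIRD or GoRTR code: a Python model of the two-table check described above, with an IRR-derived table matched on the neighbor AS and the real RPKI matched on the origin AS. All names, the sample data, the JSON layout ("roas" entries with prefix, maxLength, asn, ta) and the accept policy are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample data (documentation prefixes and ASNs).
IRR_CUSTOMER_ROUTES = {64500: [("192.0.2.0/24", 24), ("198.51.100.0/24", 24)]}
RPKI_ROAS = [{"prefix": "192.0.2.0/24", "maxLength": 24, "asn": "AS64496"}]

def irr_to_roa_json(routes):
    """Emit ROA-like entries keyed on the neighbor AS (assumed JSON layout)."""
    roas = [{"prefix": p, "maxLength": m, "asn": f"AS{asn}", "ta": "irr"}
            for asn, entries in sorted(routes.items()) for p, m in entries]
    return json.dumps({"roas": roas}, indent=2)

def roa_check(roas, prefix, asn):
    """RFC 6811 style validation: 'valid', 'invalid' or 'unknown'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this entry does not cover the announced prefix
        covered = True
        if net.prefixlen <= roa["maxLength"] and roa["asn"] == f"AS{asn}":
            return "valid"
    return "invalid" if covered else "unknown"

def check_route(prefix, as_path, rpki, irr):
    """as_path[0] is the neighbor AS, as_path[-1] is the origin AS."""
    return {"rpki_origin": roa_check(rpki, prefix, as_path[-1]),
            "irr_neighbor": roa_check(irr, prefix, as_path[0])}

def accept(result):
    # Assumed policy: the neighbor must be registered for the prefix in the
    # IRR-derived table, and the real RPKI must not say invalid.
    return result["irr_neighbor"] == "valid" and result["rpki_origin"] != "invalid"

IRR_TABLE = json.loads(irr_to_roa_json(IRR_CUSTOMER_ROUTES))["roas"]

if __name__ == "__main__":
    for prefix, path in [("192.0.2.0/24", [64500, 64496]),
                         ("198.51.100.0/24", [64500]),
                         ("192.0.2.0/25", [64500, 64496]),
                         ("192.0.2.0/24", [64501, 64496]),
                         ("203.0.113.0/24", [64500, 64499])]:
        r = check_route(prefix, path, RPKI_ROAS, IRR_TABLE)
        print(prefix, path, r, "accept" if accept(r) else "reject")
```

A prefix the neighbor never registered comes back "unknown" from the IRR-derived table, so an ingress filter built this way has to reject "unknown" there, unlike the usual handling of RPKI not-found routes.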



More information about the NANOG mailing list