"Is BGP safe yet?" test

Andrey Kostin ankost at podolsk.ru
Thu Apr 23 16:37:12 UTC 2020


Vincent Bernat wrote 2020-04-22 15:26:
> ❦ 22 April 2020 12:51 -04, Andrey Kostin:
> 
>> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
>> for validation of prefixes received from peer-as to make ingress
>> filtering more dynamic and move away prefix filters from the routers?
> 
> It could be used as is if the client implementations were a bit more
> flexible.
> 
> With BIRD, you decide which AS to match. So you can match on the
> neighbor AS instead of the origin AS. Then, you can use something like
> GoRTR which accepts using JSON files instead of the RPKI as source.
> BIRD also allows you to have several ROA tables. So, you can check against
> the "real" RPKI as well as against your custom IRR-based RPKI.

That's what I meant. So I guess IX operators already can use BIRD on 
route-servers for prefix filtering. I think it could be useful on hw 
routers as well.

Kind regards,
Andrey
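
Added example, not part of the original messages: a sketch of the two-table check discussed above, where an IRR-derived pseudo-ROA table is matched on the neighbor AS and a second table is matched on the origin AS. The JSON layout (a "roas" list with prefix/maxLength/asn) is assumed to be what a JSON-fed RTR server such as GoRTR accepts; all function names, the accept policy and the sample data are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample data (documentation prefixes, documentation/private ASNs).
# IRR-derived table: prefixes each *neighbor* AS may announce.
IRR_ALLOWED = {64500: [("192.0.2.0/24", 24), ("198.51.100.0/24", 24)],
               64501: [("203.0.113.0/24", 24), ("2001:db8::/32", 48)]}
# Stand-in for the "real" RPKI table, keyed on the *origin* AS.
RPKI_SAMPLE = {64510: [("192.0.2.0/24", 24)]}

def build_roa_json(table):
    """Serialize {asn: [(prefix, max_length)]} as a ROA list (layout assumed)."""
    roas = [{"prefix": p, "maxLength": ml, "asn": f"AS{asn}"}
            for asn, entries in sorted(table.items()) for p, ml in entries]
    return json.dumps({"roas": roas}, indent=2)

def validate(roa_json, prefix, asn):
    """RFC 6811-style state against one table ("unknown" is RFC 6811's NotFound)."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in json.loads(roa_json)["roas"]:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # some ROA covers the prefix, so it is no longer "unknown"
        if net.prefixlen <= roa["maxLength"] and roa["asn"] == f"AS{asn}":
            return "valid"
    return "invalid" if covered else "unknown"

def accept(irr_json, rpki_json, prefix, neighbor_as, origin_as):
    """Assumed policy: the IRR table is an allow-list matched on the neighbor AS;
    the RPKI table is matched on the origin AS and only rejects "invalid"."""
    return (validate(irr_json, prefix, neighbor_as) == "valid"
            and validate(rpki_json, prefix, origin_as) != "invalid")

IRR_JSON = build_roa_json(IRR_ALLOWED)
RPKI_JSON = build_roa_json(RPKI_SAMPLE)

if __name__ == "__main__":
    # (prefix, neighbor AS, origin AS) as received on an ingress session
    for route in [("192.0.2.0/24", 64500, 64510), ("192.0.2.0/25", 64500, 64510),
                  ("198.51.100.0/24", 64500, 64999), ("203.0.113.0/24", 64500, 64501)]:
        print(route, accept(IRR_JSON, RPKI_JSON, *route))
```

Because the IRR-derived table acts as a filter list, a prefix with no covering entry is rejected there, while the same "unknown" state in the RPKI table is still accepted.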


