"Is BGP safe yet?" test
Andrey Kostin
ankost at podolsk.ru
Thu Apr 23 16:37:12 UTC 2020
Vincent Bernat писал 2020-04-22 15:26:
> ❦ 22 avril 2020 12:51 -04, Andrey Kostin:
>
>> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
>> for validation of prefixes received from peer-as to make ingress
>> filtering more dynamic and move away prefix filters from the routers?
>
> It could be used as is if the client implementations were a bit more
> flexible.
>
> With BIRD, you decide which AS to match. So you can match on the
> neighbor AS instead of the origin AS. Then, you can use something like
> GoRTR which accepts using JSON files instead of the RPKI as source.
> BIRD
> also allows you to have several ROA tables. So, you can check against
> the "real" RPKI as well as against your custom IRR-based RPKI.
That's what I meant. So I guess IX operators already can use BIRD on
route-servers for prefix filtering. I think it could be useful on hw
routers as well.
Kind regards,
Andrey
More information about the NANOG
mailing list