new tool: rpki-ov-checker

Job Snijders job at ntt.net
Thu Feb 6 11:43:44 UTC 2020


Oops, I see a fat typo slipped in - the correct URL is
https://github.com/job/rpki-ov-checker :-)

Kind regards,

Job

On Thu, Feb 6, 2020 at 20:35 Job Snijders <job at ntt.net> wrote:

> Dear ops,
>
> I wrote a simple tool to figure out what kind of invalid a rpki invalid
> is, this can aid people in understanding the impact of "invalid ==
> reject" routing policies. Only "invalid_unreachable" routes present
> an operational issue in my opinion, IP addresses covered by "notfound"
> or "valid" less specific routes will still be reachable.
>
> You pass it a file name (or via stdin) with one prefix and origin ASN
> per line (white space separated) representing your full BGP RIB, and
> then you can grep specific for the task at hand to extract the info you
> need:
>
> $ rpki-ov-checker full_rib | fgrep -f customer_prefixes | grep invalid |
> sort -R | head
> invalid_covered_by_notfound 123.101.0.0/21 4809 covering route:
> 123.101.0.0/16 4134
> invalid_covered_by_valid 46.3.74.0/24 134121 covering route: 46.3.0.0/16
> 207636
> invalid_unreachable 83.231.209.0/24 3949
> invalid_unreachable 124.30.247.0/24 9583
> invalid_covered_by_valid 125.21.232.0/24 9730 covering route:
> 125.21.0.0/16 9498
> invalid_unreachable 120.29.92.0/24 17639
> invalid_unreachable 31.40.164.0/24 200872
> invalid_covered_by_notfound 45.12.139.0/24 40676 covering route:
> 45.12.136.0/22 35913
> invalid_covered_by_valid 122.160.178.0/24 24560 covering route:
> 122.160.0.0/16 24560
> invalid_covered_by_valid 61.90.251.0/24 21734 covering route:
> 61.90.192.0/18 7470
>
> NTT is using this to figure out who we need to help fix their ROA or
> correct their BGP announcements.
>
> Get the goods at https://githqub.com/job/rpki-ov-checker
>
> Enjoy!
>
> Kind regards,
>
> Job
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200206/79c94d9b/attachment.html>


More information about the NANOG mailing list