Starting to Drop Invalids for Customers

Mark Tinka mark.tinka at seacom.mu
Fri Jan 10 12:39:31 UTC 2020


So just an update on this.

We've since completed the roll-out of dropping Invalids on eBGP sessions
with customers as well.

It also included some Cisco ME3600X routers that will ultimately be
replaced this year by Cisco ASR920 routers.

All in all, no major drama. 2 main issues I'd like to highlight:

  * We came across a number of customers whose routes were marked as
    Invalid due to inconsistent route origination, i.e., they had their
    routes originated by them and one or more other ASN's who had not
    created corresponding ROA's for the same.

  * In IOS XE, all iBGP routes are marked as Valid by default. This is
    not a big problem in practice, however, because all eBGP points are
    checked for RPKI state, and anything marked as Invalid is dropped.
    So whatever will appear in the iBGP would have already been scraped.
    Of course, IOS XE doing this is not ideal at all, and they are
    breaking the RFC mandate, but it doesn't cause any real harm.

Mark.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200110/47307a1c/attachment.html>


More information about the NANOG mailing list