RPKI race

Melchior Aelmans melchior at aelmans.eu
Wed Jun 17 16:03:16 UTC 2020


Hi all,

We (Juniper) are aware of the challenges with internet-in-a-VRF and RPKI
OV. Hence work is in progress to solve some of these issues.
If there's news (and I remember this promise) I will update. Feel free to
ping me.

Cheers,
Melchior

On Wed, Jun 17, 2020 at 10:30 AM Mark Tinka <mark.tinka at seacom.mu> wrote:

>
>
> On 17/Jun/20 10:20, Baldur Norddahl wrote:
>
>
>
> On Wed, Jun 17, 2020 at 10:07 AM Niels den Otter <
> niels.denotter at surfnet.nl> wrote:
>
>> Hello Baldur,
>>
>> If you want to validate routes in a VRF you need to configure;
>>
>> set routing-options validation notification-rib <rib>
>>
>> Have you done so?
>>
>>
>>
> That was missing from the config. After adding it and running the command
> "request validation policy" I got the prefixes validated.
>
>
> Not to sound funny, but this is one of the reasons I am still afraid to
> run the Internet in a VRF. There are a lot more things to consider, I've
> often found, compared to what you take for granted in the global table.
>
> That said, this is great to know, given that many operators run the
> Internet in a VRF, and we need RPKI + ROV to be supported far and wide.
>
> Mark.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200617/c693a0ec/attachment.html>


More information about the NANOG mailing list