Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

Jon Lewis jlewis at lewis.org
Thu Jun 18 02:01:04 UTC 2020


On Wed, 17 Jun 2020, Richa wrote:

> Job,
>
>
>> RPKI ROA creation is a big hammer. Everyone needs to think carefully
>> about each ROA they create and if it will positively or negatively
>> impact their network.
>
> Could you please shed some more light on the above?
>
> How would ROA negatively impact if ROA(s) is created such that the entire prefix set is covered?

Just like I said, if you create an ROA for an aggregate, forgetting that 
you have customers using subnets of that aggregate (or didn't create ROAs 
for customer subnets with the right origin ASNs), you're literally telling 
those using RPKI to verify routes "don't accept our customers' routes." 
That might not be bad for "your network", but it's probably bad for 
someone's.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
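
The failure mode described in the message above, as an added example that is not part of the original post: a minimal RFC 6811 origin validation showing a customer subnet going from not-found to invalid once only the aggregate ROA exists. The prefix and ASNs are constructed documentation values, and `newly_invalid` is a hypothetical helper for checking a proposed ROA set against the routes actually announced before publishing it.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # authorized prefix
    max_length: int  # longest announcement length the ROA permits
    asn: int         # authorized origin AS

def validate(route: str, origin: int, roas: list) -> str:
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue          # this ROA does not cover the route
        covered = True        # covered: must now match origin AND length
        if roa.asn == origin and net.prefixlen <= roa.max_length:
            return "valid"
    return "invalid" if covered else "not-found"

def newly_invalid(routes, current, proposed):
    """Routes that become 'invalid' if `proposed` ROAs replace `current`."""
    return [(p, a) for p, a in routes
            if validate(p, a, current) != "invalid"
            and validate(p, a, proposed) == "invalid"]

# Constructed sample data (documentation prefix and ASNs, not real routes).
PROVIDER, CUSTOMER = 64496, 64511
ROUTES = [("2001:db8::/32", PROVIDER),        # provider aggregate
          ("2001:db8:c000::/48", CUSTOMER)]   # customer subnet, customer's ASN
AGGREGATE_ONLY = [ROA("2001:db8::/32", 32, PROVIDER)]
WITH_CUSTOMER = AGGREGATE_ONLY + [ROA("2001:db8:c000::/48", 48, CUSTOMER)]

if __name__ == "__main__":
    for label, roas in [("no ROAs", []), ("aggregate only", AGGREGATE_ONLY),
                        ("aggregate + customer", WITH_CUSTOMER)]:
        for prefix, asn in ROUTES:
            state = validate(prefix, asn, roas)
            print(f"{label:22} {prefix:20} AS{asn}: {state}")
    print("would break:", newly_invalid(ROUTES, [], AGGREGATE_ONLY))
```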


