Reactive RPKI ROV (Was: Hurricane Electric has reached 0 RPKI INVALIDs)

Baldur Norddahl baldur.norddahl at
Wed Jun 17 11:42:36 UTC 2020

Lets say someone makes an announcement that creates a RPKI invalid and 
it is determined to be a mistake. They then go back and add ROA objects 
to fix the problem. With this reactive RPKI approach then continue to 
block the route because filters where already generated and pushed out 
to routers? Or in other words, if the system can insert the filter in 
less than 60 seconds, how long does it take to get rid of the filter 
again when someone publish valid a ROA ?



More information about the NANOG mailing list