Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

Mark Tinka mark.tinka at
Wed Jun 17 14:33:44 UTC 2020

On 17/Jun/20 16:25, Jon Lewis wrote:

> The flip side of this though is that every time an IP space owner
> publishes an ROA for an aggregate IP block and overlooks the fact that
> they have customers BGP originating a subnet of the aggregate with an
> ASN not permitted by an ROA, HE has "less than a full table".  :(

This is a known business use-case and it's incumbent upon the address
and AS holders to co-ordinate this.

We dropped some prefixes due to this in October of last year. Once we
raised the issue with the remote network, it was fixed in 30 minutes.

> i.e. I'm questioning whether the system is mature enough and properly
> used widely enough for dropping RPKI invalids to be a good idea?

Well, if we don't deploy, nothing matures.

The problems we hit in the field will help to make the entire system


More information about the NANOG mailing list