plea for comcast/sprint handoff debug help
Randy Bush
randy at psg.com
Sat Oct 31 10:06:24 UTC 2020
> - Randy says: "finding the fort rp to be pretty solid!" I'll say that
> if you loaded a fresh Fort and fresh Routinator install, they would both
> have your ROAs.
> - The sense of "stickiness" is local only; hence to my mind the
> protection against "downgrade" attack is somewhat illusory. A fresh install
> knows nothing of history.
fort running
enabled rrdp on server
router reports
r0.sea#sh ip bgp rpki table | i 3130
147.28.0.0/20 20 3130 0 147.28.0.84/323
147.28.0.0/19 19 3130 0 147.28.0.84/323
147.28.64.0/19 19 3130 0 147.28.0.84/323
147.28.96.0/19 19 3130 0 147.28.0.84/323
147.28.128.0/19 19 3130 0 147.28.0.84/323
147.28.160.0/19 19 3130 0 147.28.0.84/323
147.28.192.0/19 19 3130 0 147.28.0.84/323
192.83.230.0/24 24 3130 0 147.28.0.84/323
198.180.151.0/24 24 3130 0 147.28.0.84/323
198.180.153.0/24 24 3130 0 147.28.0.84/323
disabled rrdp on server
added new roa 198.180.151.0/25
waited a while
router reports
r0.sea#sh ip bgp rpki table | i 3130
147.28.0.0/20 20 3130 0 147.28.0.84/323
147.28.0.0/19 19 3130 0 147.28.0.84/323
147.28.64.0/19 19 3130 0 147.28.0.84/323
147.28.96.0/19 19 3130 0 147.28.0.84/323
147.28.128.0/19 19 3130 0 147.28.0.84/323
147.28.160.0/19 19 3130 0 147.28.0.84/323
147.28.192.0/19 19 3130 0 147.28.0.84/323
192.83.230.0/24 24 3130 0 147.28.0.84/323
198.180.151.0/25 25 3130 0 147.28.0.84/323 <<<===
198.180.151.0/24 24 3130 0 147.28.0.84/323
198.180.153.0/24 24 3130 0 147.28.0.84/323
as i said, fort seems solid
randy
More information about the NANOG
mailing list