Cloudflare OCTO RPKI Validator - LACNIC CAs issues

Douglas Fischer fischerdouglas at gmail.com
Fri Apr 23 11:58:15 UTC 2021 

Something was done to correct this...

https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20

The result that I checked yesterday (2021/04/22) was saying Unknow.
https://pasteboard.co/JYy8fjI.png
Today(2021-04-23) the result is saying Valid.
https://pasteboard.co/JYExkjY.png

In the next image/link we can see a huge grow on the graph of LACNIC
TrustAnchor at CloudFlare Validator.
https://rpki.cloudflare.com/?ohlcTa=LACNIC
https://pasteboard.co/JYEBE8o.png


I Would like to know if what corrected this was done on LACNIC side, or
OCTORPKI side.


Em qui., 22 de abr. de 2021 às 16:47, Douglas Fischer <
fischerdouglas at gmail.com> escreveu:

> Does anybody else have problems with Cloudflare's RPKI Validator with
> prefixes from LACNIC?
>
> Customers were sending us some reports of issues with LACNIC's IPBlocks
> using Cloudflare RPKI as source of validation.
>
> A friend and I did some checks. And looks like that some issue is
> happening on the Lacnic Trust Anchor, specifically on OctoRPKI.
> We took the Registro.Br Prefix to do the tests -> 200.160.0.0/20 ->
> AS22548
>
>  -> On Cloudflare
>
> https://rpki.cloudflare.com/?view=validator&validateRoute=22548_200.160.0.0%2F20
> AS22548_200.160.0.0/20 is Unknown at 19:30 20201-04-22
> https://pasteboard.co/JYy8fjI.png
>
> -> On Ripe
> https://rpki-validator.ripe.net/bgp-preview
> AS22548_200.160.0.0/20 is Valid at 19:30 20201-04-22
> https://pasteboard.co/JYycsd4.png
>
> An interesting thing is that on the graph of ROAs over Timer of the Lacnic
> Trust Anchor shows a big drop on 20201/04/19.
> https://rpki.cloudflare.com/?ohlcTa=LACNIC
> "Volume Removed: 14.761"
> "ROAs Removed: 13.392"
> https://pasteboard.co/JYyeSaw.png
>
> Any idea of possible causes?
> Any suggestions on how to solve it?
>
> --
> Douglas Fernando Fischer
> Engº de Controle e Automação
>


-- 
Douglas Fernando Fischer
Engº de Controle e Automação
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210423/9a41e3ba/attachment.html>

More information about the NANOG mailing list