AS3356 Announcing 2000::/12

• Previous message (by thread): AS3356 Announcing 2000::/12
• Next message (by thread): AS3356 Announcing 2000::/12
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 8, 2022 at 1:45 AM Heasley <heas at shrubbery.net> wrote:
>
>
>
> Am 12/7/22 um 22:25 schrieb Don Beal <don at depref.net>:
>
> 
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….
>

yea that might be a tad dangerous today :(
and don's right :( unknown is hard today :( (darn you don for being
practical! :) )

crud.. but iRR filters! :)


> what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare out less-specific conflicts.
>
> It does look like 3356 pulled the announcement, which is good.
>
>
> On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.lists at gmail.com> wrote:
>>
>> On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administrator at rkhtech.org> wrote:
>> >
>> > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>> >
>> >
>>
>> interesting that this is leaking outside supposed RPKI OV boundaries as well.
>> For example:
>>   6762 3356
>>   2914 3356
>>   174 3356 (apologies to 174, I forget if they signed up to the 'doin
>> ov now' plan)

• Previous message (by thread): AS3356 Announcing 2000::/12
• Next message (by thread): AS3356 Announcing 2000::/12
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]