A few questions regarding about RPKI/invalids

• Previous message (by thread): Internet Storm Center says Russia hijacking Twitter's BGP
• Next message (by thread): A few questions regarding about RPKI/invalids
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

We've noticed that there are a number of routes being passed along from 3356 with invalid origin AS.

Of those, almost all of them are being passed to 3356 from 3549 (legacy Global Crossing) and there is no valid path available for any of these prefixes (at least according to the ROA).

Ex 45.176.191.0/24   3356 3549 11172 270150

RPKI ROA entry for 45.176.191.0/24-24
  Origin-AS: 265621

Two questions:

First, are you also seeing this on this specific route?

Second, is there a certain number of "expected" invalid routes? (not including unknowns)

Third, how are you handling specifically the large number of routes from 3356 3549 which invalid origin AS? Are you just "letting the bodies hit the floor"? or are you carving those out somehow?

I'm mostly just curious what other members of the community are seeing/doing in regards to this.

Thanks,
-Drew







-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220330/a843d086/attachment.html>

• Previous message (by thread): Internet Storm Center says Russia hijacking Twitter's BGP
• Next message (by thread): A few questions regarding about RPKI/invalids
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]