A few questions regarding about RPKI/invalids

Jon Lewis jlewis at lewis.org
Wed Mar 30 14:06:12 UTC 2022


On Wed, 30 Mar 2022, Drew Weaver wrote:

> We’ve noticed that there are a number of routes being passed along from 3356 with invalid origin AS.
> 
> Of those, almost all of them are being passed to 3356 from 3549 (legacy Global Crossing) and there is no valid path available for any of these prefixes (at least according
> to the ROA).
> 
> Ex 45.176.191.0/24   3356 3549 11172 270150
> 
> RPKI ROA entry for 45.176.191.0/24-24
> 
>   Origin-AS: 265621

I'm seeing that route, same origin.  Those who do RPKI ROV do not see that 
route.  Hurricane Electric, for example, via their looking glass has no 
route for that IP space.

You would think the pain inflicted by parts of the Internet ignoring your 
routes would get RPKI oops's like this fixed relatively quickly.  It may 
depend on how much of the Internet they regularly exchange bits with and 
how many of those networks actually do ROV.

----------------------------------------------------------------------
  Jon Lewis, MCP :)           |  I route
  StackPath, Sr. Neteng       |  therefore you are
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


More information about the NANOG mailing list