Understanding impact of RPKI and ROA on existing advertisements

heasley heas at shrubbery.net
Tue Nov 1 16:07:15 UTC 2022


Tue, Nov 01, 2022 at 12:01:46PM -0400, Jon Lewis:
> One danger with RPKI is shooting yourself (or customers) in the foot by 
> creating too general a ROA.  i.e. Suppose you have an ARIN /20.  You have 
> a multihomed customer to whom you've assigned a /24 from your /20.  You 
> create a ROA for the /20 saying your ASN is authorized to originate your 
> /20.  Now that customer /24 has become an RPKI-invalid, and the customer 
> may find that their other provider is filtering their /24 advertisement.

i.e., you must also create ROA(s) for your BGP customer's more specific(s) of
your aggregate.
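
The failure mode described in this thread, worked through with RFC 6811 route origin validation, as an added example that is not part of the original posts. The prefix 198.18.0.0/20, the ASNs 64496 (provider) and 64500 (customer), and the helper names are constructed for illustration; it assumes the customer originates the /24 from its own ASN.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: prefix, maxLength, authorized origin ASN."""
    prefix: object
    max_length: int
    asn: int

def roa(prefix, asn, max_length=None):
    # With no explicit maxLength, a ROA authorizes only the exact prefix length.
    net = ipaddress.ip_network(prefix)
    return VRP(net, net.prefixlen if max_length is None else max_length, asn)

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811 origin validation state: valid, invalid or not-found."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        if route.version != vrp.prefix.version or not route.subnet_of(vrp.prefix):
            continue  # this VRP does not cover the route
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

# Constructed sample data (benchmarking prefix, documentation ASNs).
PROVIDER_AS, CUSTOMER_AS = 64496, 64500
AGGREGATE, CUSTOMER_NET = "198.18.0.0/20", "198.18.5.0/24"

def scenario():
    no_roas = []
    aggregate_only = [roa(AGGREGATE, PROVIDER_AS)]
    with_customer = aggregate_only + [roa(CUSTOMER_NET, CUSTOMER_AS)]
    return {
        "customer /24, no ROAs": validate(CUSTOMER_NET, CUSTOMER_AS, no_roas),
        "customer /24, /20 ROA only": validate(CUSTOMER_NET, CUSTOMER_AS, aggregate_only),
        "customer /24, /20 and /24 ROAs": validate(CUSTOMER_NET, CUSTOMER_AS, with_customer),
        "provider /20, /20 and /24 ROAs": validate(AGGREGATE, PROVIDER_AS, with_customer),
    }

if __name__ == "__main__":
    for case, state in scenario().items():
        print(f"{case}: {state}")
```

The customer's /24 moves from not-found to invalid as soon as the covering /20 ROA exists, and returns to valid only once a ROA for the /24 with the customer's origin ASN is published.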

