RPKI unknown for superprefixes of existing ROA ?

• Previous message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Next message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 22 Oct 2023 at 20:33, Tom Beecher <beecher at beecher.cc> wrote:

> Basically, I guess, it means that the AS 0 solution shouldn't be used, at
>> least not usually.
>>
>
> It's like everything else. Understand what the tools do and what they
> don't do, and use them appropriately.
>


A primary risk for an IXP is the existence of a more-specific of the IX
peering LAN prefix, a less-specific wouldn’t matter or inflict damage.

So in the above context an AS 0 ROAs can be useful to improve protection of
IXP Peering LANs where the IX operator doesn’t want the fabric to be
globally reachable - and one of the IX participants failed to correctly
EBGP in/out policies.

Kind regards,

Job

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20231022/41ba5071/attachment.html>

• Previous message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Next message (by thread): RPKI unknown for superprefixes of existing ROA ?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]