<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 4/Jul/19 17:22, Francois Lecavalier
wrote:<br>
<br>
</div>
<blockquote type="cite"
cite="mid:fafcae612127470894242f736e633cf0@mindgeek.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--><o:p> </o:p>
<div class="WordSection1">
<p class="MsoNormal">Following that Verizon debacle I got
onboard with ROV, after a couple research I stopped my choice
on the ….drum roll…. CloudFlare GoRTR (<a
href="https://github.com/cloudflare/gortr"
moz-do-not-send="true">https://github.com/cloudflare/gortr</a>).
If you trust them enough they provide an updated JSON every 15
minutes of the global RIR aggregate. I’ll see down the road
if we’ll fetch them ourselves but at least it got us up and
running in less than an hour. It was also easy for us to
deploy as the routers and the servers are on the same PoP
directly connected, so we don’t need the whole encryption
recipe they provide for mass distribution.</p>
</div>
</blockquote>
<br>
Funny you should mention this... I was speaking with Tom today
during an RPKI talk he gave at MyNOG, about whether we'd be willing
to trust their RTR streams.<br>
<br>
But, I'm glad you found a quick solution to get you up and running.
Welcome to the club.<br>
<br>
<br>
<blockquote type="cite"
cite="mid:fafcae612127470894242f736e633cf0@mindgeek.com">
<div class="WordSection1">
<p class="MsoNormal"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">But I also have a question for all the ROA
folks out there. So far we are not taking any action other
than lowering the local-pref – we want to make sure this is
stable before we start denying prefixes. So the question, is
it safe as of this date to : 1.Accept valid, 2. Accept
unknown, 3. Reject invalid? Have any large network who
implemented it dealt with unreachable destinations? I’m
wondering as I haven’t found any blog mentioning anything in
this regard and ClouFlare docs only shows example for valid
and invalid, but nothing for unknown.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My assumption is that 1.Accept valid, 2.
Accept unknown, 3. Reject invalid shouldn’t break anything.<o:p></o:p></p>
</div>
</blockquote>
<br>
Well, a Valid and NotFound state implicitly mean that the routes can
be used for routing/forwarding. In that case, the only policy we
create and apply is against Invalid routes, which is to DROP them.<br>
<br>
Mark.<br>
</body>
</html>