[RPKI] Accepting smaller routes than RPKI object allows (blackholing)

Klimek, Denis DKlimek at Stadtwerke-Norderstedt.de
Thu Aug 29 09:43:30 UTC 2019

Dear all,

we've deployed RPKI weeks ago against our transit and peering session all over our network which works fine so far :)
Today I played around with RPKI against our customer BGP sessions and noticed that if a customer wants to send a /32 or /128 route to blackhole his traffic that this is not accepted due invalid rpki state.
Is it somehow possible to reconfigure Routinator to send a valid state for hostroutes if the "parent" object is valid?

Otherwise I do not see any chance to run RPKI alone without local prefix lists to allow customers to send blackhole routes.

Mit freundlichem Gruß
Stadtwerke Norderstedt

Denis Klimek

Professional Network Engineer

Tel:        040 / 521 04 - 1049
Mobil:    0151 / 652 219 06

dklimek at stadtwerke-norderstedt.de<mailto:dklimek at stadtwerke-norderstedt.de>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20190829/81ebe7d9/attachment.htm>

More information about the RPKI mailing list