[RPKI] Accepting smaller routes than RPKI object allows (blackholing)
Klimek, Denis
DKlimek at Stadtwerke-Norderstedt.de
Thu Aug 29 09:43:30 UTC 2019
Dear all,
we've deployed RPKI weeks ago against our transit and peering session all over our network which works fine so far :)
Today I played around with RPKI against our customer BGP sessions and noticed that if a customer wants to send a /32 or /128 route to blackhole his traffic that this is not accepted due invalid rpki state.
Is it somehow possible to reconfigure Routinator to send a valid state for hostroutes if the "parent" object is valid?
Otherwise I do not see any chance to run RPKI alone without local prefix lists to allow customers to send blackhole routes.
Mit freundlichem Gruß
Stadtwerke Norderstedt
Denis Klimek
Professional Network Engineer
IP-Systemtechnik
Tel: 040 / 521 04 - 1049
Mobil: 0151 / 652 219 06
dklimek at stadtwerke-norderstedt.de<mailto:dklimek at stadtwerke-norderstedt.de>
www.stadtwerke-norderstedt.de<http://www.stadtwerke-norderstedt.de/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20190829/81ebe7d9/attachment.htm>
More information about the RPKI
mailing list