[RPKI] Accepting smaller routes than RPKI object allows (blackholing)

Klimek, Denis DKlimek at Stadtwerke-Norderstedt.de
Thu Aug 29 11:42:07 UTC 2019

In that scenario a customer could blackhole traffic for foreign ip addresses :-/

Mit freundlichem Gruß
Stadtwerke Norderstedt

Denis Klimek

Professional Network Engineer

Tel:        040 / 521 04 – 1049
Mobil:    0151 / 652 219 06

dklimek at stadtwerke-norderstedt.de<mailto:dklimek at stadtwerke-norderstedt.de>

Von: Chriztoffer Hansen [mailto:chriztoffer at netravnen.de]
Gesendet: Donnerstag, 29. August 2019 13:12
An: Klimek, Denis
Cc: 'rpki at nlnetlabs.nl'
Betreff: Re: [RPKI] Accepting smaller routes than RPKI object allows (blackholing)

On 29 August 2019 at 09:43:30 -00:00, Klimek, Denis <DKlimek at stadtwerke-norderstedt.de> wrote:

Today I played around with RPKI against our customer BGP sessions and noticed that if a customer wants to send a /32 or /128 route to blackhole his traffic that this is not accepted due invalid rpki state.
Why not re-configure your route-map to accept host routes. Before the RPKI state validation is done later in the route-map?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/rpki/attachments/20190829/79832922/attachment.htm>

More information about the RPKI mailing list