[RPKI] Accepting smaller routes than RPKI object allows (blackholing)

Job Snijders job at ntt.net
Thu Aug 29 11:51:14 UTC 2019


On Thu, Aug 29, 2019 at 01:43:58PM +0200, Melchior Aelmans wrote:
> Obviously you would only allow your customer to advertise host-routes
> that are within his prefix ranges I would think...

How do you generate that list of allowed prefixes reliably? If you base
it on IRR, anyone can include AS15169 in thei AS-SET and subsequently
8.8.8.0/24 and friends would make their way into the allowlist. This
approach is as bad as what all providers already do today, hence my
proposal on the iepg website.

> But yes what Chriztoffer suggested is the way to do this for now.

It depends on how you interpret what Chriztoffer suggested

Kind regards,

Job



More information about the RPKI mailing list