[RPKI] Accepting smaller routes than RPKI object allows (blackholing)
job at ntt.net
Thu Aug 29 11:51:14 UTC 2019
On Thu, Aug 29, 2019 at 01:43:58PM +0200, Melchior Aelmans wrote:
> Obviously you would only allow your customer to advertise host-routes
> that are within his prefix ranges I would think...
How do you generate that list of allowed prefixes reliably? If you base
it on IRR, anyone can include AS15169 in their AS-SET and subsequently
22.214.171.124/24 and friends would make their way into the allowlist. This
approach is as bad as what all providers already do today, hence my
proposal on the iepg website.
> But yes what Chriztoffer suggested is the way to do this for now.
It depends on how you interpret what Chriztoffer suggested
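
The allowlist problem raised in the message above, as an added example that is not part of the original post or of any tool mentioned in the thread: it expands an as-set the way an IRR-driven filter generator does and shows a host route inside a third party's prefix passing the resulting blackhole filter. The IRR data is constructed from documentation ASNs and prefixes, and all function names and the `verified_asns` parameter are hypothetical.

```python
import ipaddress

# Constructed IRR data, not real registry contents. ASNs and prefixes come
# from the documentation ranges; AS64511 stands in for an unrelated network.
AS_SETS = {
    "AS-CUSTOMER": ["AS64500", "AS-DOWNSTREAM", "AS64511"],  # last entry self-asserted
    "AS-DOWNSTREAM": ["AS64501", "AS-CUSTOMER"],             # loops back to its parent
}
ROUTE_OBJECTS = {
    "AS64500": ["192.0.2.0/24"],
    "AS64501": ["198.51.100.0/24"],
    "AS64511": ["203.0.113.0/24"],
}

def expand_as_set(name, seen=None):
    """Expand an as-set recursively; returns {origin ASN: as-set that listed it}."""
    seen = set() if seen is None else seen
    origins = {}
    if name in seen:          # as-sets may reference each other; stop on loops
        return origins
    seen.add(name)
    for member in AS_SETS.get(name, []):
        if member.startswith("AS-"):
            for asn, via in expand_as_set(member, seen).items():
                origins.setdefault(asn, via)
        else:
            origins.setdefault(member, name)
    return origins

def build_allowlist(as_set):
    """Map each registered prefix to its origin ASN, as an IRR-driven filter would."""
    return {ipaddress.ip_network(p): asn
            for asn in expand_as_set(as_set)
            for p in ROUTE_OBJECTS.get(asn, [])}

def blackhole_origin(allowlist, host_route):
    """Origin ASN of the allowlisted prefix covering host_route, or None if rejected."""
    net = ipaddress.ip_network(host_route)
    for prefix, asn in allowlist.items():
        if net.version == prefix.version and net.subnet_of(prefix):
            return asn
    return None

def unverified_entries(as_set, verified_asns):
    """Allowlist prefixes whose origin ASN is not in verified_asns (hypothetical input)."""
    return sorted(str(p) for p, asn in build_allowlist(as_set).items()
                  if asn not in verified_asns)
```

`unverified_entries` is the defender's view of the same data: it lists the allowlist prefixes that exist only because an as-set named their origin ASN, which is the claim nobody checked.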