[RPKI] Accepting smaller routes than RPKI object allows (blackholing)
Job Snijders
job at ntt.net
Thu Aug 29 12:03:22 UTC 2019
Hi Tim,
On Thu, Aug 29, 2019 at 12:01 PM Tim Bruijnzeels <tim at nlnetlabs.nl> wrote:
> Maybe you can use an export of the VRPs to find the networks for your specific customer ASNs, that you would want to allow them to send /32 or /128 on.
Right, but that doesn't help you find the customers of your customers.
> Unfortunately RPKI implementations in the router do not differentiate between invalid_asn and invalid_length (but correct ASN). Otherwise you could have required (rpki valid | rpki invalid-length).
Yes, that would be interesting but is not possible on today's routers.
> Or am I mis-understanding the issue here? Sorry, just learning about actual routing operations, so looking at this from a more theoretical rpki angle - where I have a bit more experience :D
Kind regards,
Job
More information about the RPKI
mailing list