[RPKI] Accepting smaller routes than RPKI object allows (blackholing)

Job Snijders job at ntt.net
Thu Aug 29 12:03:22 UTC 2019


Hi Tim,

On Thu, Aug 29, 2019 at 12:01 PM Tim Bruijnzeels <tim at nlnetlabs.nl> wrote:
> Maybe you can use an export of the VRPs to find the networks for your specific customer ASNs, that you would want to allow them to send /32 or /128 on.

Right, but that doesn't help you find the customers of your customers.

> Unfortunately RPKI implementations in the router do not differentiate between invalid_asn and invalid_length (but correct ASN). Otherwise you could have required (rpki valid | rpki invalid-length).

Yes, that would be interesting but is not possible on today's routers.

> Or am I misunderstanding the issue here? Sorry, just learning about actual routing operations, so looking at this from a more theoretical rpki angle - where I have a bit more experience :D

Kind regards,

Job
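
The distinction discussed in this message, as an added example that is not part of the original e-mail and not any router's implementation: origin validation over an exported VRP list, with the invalid state split into invalid-asn and invalid-length, and a blackhole acceptance check built on it. The names `VRPS`, `classify` and `accept_blackhole` are hypothetical, and the VRPs are constructed from documentation prefixes and private-use ASNs.

```python
import ipaddress

# Constructed sample VRP export: (prefix, maxLength, origin ASN).
VRPS = [
    ("192.0.2.0/24", 24, 64500),      # direct customer
    ("198.51.100.0/24", 24, 64501),   # a customer of that customer
    ("2001:db8::/32", 48, 64500),
]

def classify(prefix, origin_asn, vrps=VRPS):
    """Origin validation state, with 'invalid' split by cause."""
    route = ipaddress.ip_network(prefix)
    covered = asn_match = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # AS0 never matches a route origin.
        if vrp_asn == origin_asn and vrp_asn != 0:
            if route.prefixlen <= max_len:
                return "valid"
            asn_match = True  # right origin, but longer than maxLength
    if not covered:
        return "not-found"
    return "invalid-length" if asn_match else "invalid-asn"

def accept_blackhole(prefix, origin_asn, customer_asns, vrps=VRPS):
    """Accept a /32 or /128 only from a listed customer ASN whose VRP
    covers it (valid or invalid-length), never on invalid-asn."""
    route = ipaddress.ip_network(prefix)
    is_host_route = route.prefixlen == route.max_prefixlen
    state = classify(prefix, origin_asn, vrps)
    return (is_host_route and origin_asn in customer_asns
            and state in ("valid", "invalid-length"))

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.1/32", 64500), ("192.0.2.1/32", 64999),
                     ("198.51.100.7/32", 64501), ("203.0.113.1/32", 64500)]:
        print(pfx, asn, classify(pfx, asn), accept_blackhole(pfx, asn, {64500}))
```

With only AS64500 in the customer list, the /32 originated by AS64501 classifies as invalid-length but is still refused, which is the customers-of-customers gap raised in the reply.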


