[RPKI] Accepting smaller routes than RPKI object allows (blackholing)

Job Snijders job at ntt.net
Thu Aug 29 12:33:58 UTC 2019

On Thu, Aug 29, 2019 at 02:21:21PM +0200, Stavros Konstantaras wrote:
> Based on the current standards and vendor implementations, I believe
> another potential solution to make this work is to use a separate
> routing instance (e.g a server running BIRD or other software), where
> customers can use it to send blackhole routes. 
> With BIRD running on a simple box, you could easily implement an
> import filter where a customer is allowed to advertise a /32 route
> that carries the BLACKHOLE community as well (and only that, nothing
> else). Then, with a little bit of python scripting you could either
> program your basic Juniper or Cisco router accordingly or trigger your
> purchased anti-DDoS service. 

What do you base the import filter on?

Kind regards,


More information about the RPKI mailing list