[RPKI] Routes containing aggregated AS-set becomes invalid
Jan Chrillesen
jan at chrillesen.dk
Wed Jul 22 06:24:35 UTC 2020
On ons., 15 jul. 2020, Chriztoffer Hansen <ch at ntrv.dk> wrote:
> The exact same question popped up on the BIRD mailing list the other
> day, https://marc.info/?l=bird-users&m=159463583531316&w=2
>
> "This is expected behaviour, see RFC 6907 7.1.9:
>
> Comment: In the spirit of [RFC6472], any route with an AS_SET in it
> should not be considered valid (by ROA-based validation). If
> the route contains an AS_SET and a covering ROA prefix exists for the
> route prefix, then the route should get an Invalid status.
>
> (Note: AS match or mismatch consideration does not apply.)"
Hi Chriztoffer
I have been looking further into this and it seems that Telia/1299 does
not consider these types of routes as RPKI invalids!
(I base this on the fact that Telia publicly stated that they do drop
invalids, however I receive the following prefixes on one of our Telia
transit ports)
* 77.75.37.0/24 213.248.93.92 100 50 0 1299 2914 9121 9121 42926 {206991} i
* 77.83.56.0/22 213.248.93.92 100 50 0 1299 1273 24785 16003 {8455,27970} i
* 83.230.0.0/19 213.248.93.92 100 50 0 1299 6830 35434 {202220} i
* 83.230.32.0/20 213.248.93.92 100 50 0 1299 6830 35434 {199551} i
* 103.15.41.0/24 213.248.93.92 100 50 0 1299 4637 9498 58682 {54994} i
* 119.30.80.0/20 213.248.93.92 100 50 0 1299 6762 38193 58470 23966 {131471,132788} i
Before I turn on validation on our transit sessions I would like to hear
some feedback from networks that already drops invalids. Will dropping
these routes with AS_SET in the path cause any issues? Or are you
dropping these without any known problems?
- Jan
More information about the RPKI
mailing list