[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Illegal usage of AS51888 (and PI from AS42989 and AS57954 (in ukraine)

On Fri, May 3, 2013 at 2:21 PM, Nick Hilliard <nick at foobar.org> wrote:

> On 03/05/2013 19:08, Christopher Morrow wrote:
> > hopefully it won't involve people being brave :) hopefully good
> measurement
> > and metrics lead us to a position where things 'just work' and we can do
> it
> > with confidence! :)
> dropping prefixes means that you're ok about not having reachability to a
> prefix if its roa pops up as "unknown".  This could be because the prefix
> holder hasn't bothered to register their prefix in the rpki (i.e.
> sloppiness), or it could be because the ROA has been revoked for some
> reason (e.g. because of hijacking).  For sure, a router can't tell the
> difference.
right, in the ideal tomorrow-tomorrow-land ... this all is part of turnup
and the timelines associated with propogation/etc are all known and
accounted for. Additionally, the systems involved are all well understood
and redundant/resilient/etc.

in short, in the tomorrow-tomorrow-land... this all just works as we
expect/want, and the only 'unknown' are actually 'invalid'.

> From a deployment point of view, there's a pretty big gap between poking
> around with rpki and actually dropping prefixes on your routers.  I don't
> see that the rpki dat a will be good enough for the latter any time soon,
> but maybe one day.
right, no problem with this.

> Nick