Illegal usage of AS51888 (and PI 18.104.22.168/24) from AS42989 and AS57954 (in Ukraine)
On Fri, May 3, 2013 at 2:21 PM, Nick Hilliard <nick at foobar.org> wrote:
> On 03/05/2013 19:08, Christopher Morrow wrote:
> > hopefully it won't involve people being brave :) hopefully good
> > and metrics lead us to a position where things 'just work' and we can do
> > with confidence! :)
> dropping prefixes means that you're ok about not having reachability to a
> prefix if its roa pops up as "unknown". This could be because the prefix
> holder hasn't bothered to register their prefix in the rpki (i.e.
> sloppiness), or it could be because the ROA has been revoked for some
> reason (e.g. because of hijacking). For sure, a router can't tell the
right, in the ideal tomorrow-tomorrow-land ... this all is part of turnup
and the timelines associated with propagation/etc are all known and
accounted for. Additionally, the systems involved are all well understood
in short, in the tomorrow-tomorrow-land... this all just works as we
expect/want, and the only 'unknown' are actually 'invalid'.
> From a deployment point of view, there's a pretty big gap between poking
> around with rpki and actually dropping prefixes on your routers. I don't
> see that the rpki data will be good enough for the latter any time soon,
> but maybe one day.
right, no problem with this.
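
Added example, not part of the original thread: a minimal RFC 6811-style origin validation in Python illustrating the point discussed above, that a prefix whose ROA was revoked and a prefix that was never registered both come out as "unknown". The prefixes and AS numbers are constructed documentation values, and the policy names `drop-invalid` and `drop-unknown` are hypothetical labels.

```python
import ipaddress

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
# Each entry is (ROA prefix, maxLength, authorized origin AS).
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
]

def validate(prefix, origin, vrps):
    """Return 'valid', 'invalid' or 'unknown' (RFC 6811 NotFound) for a route."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route equals or is more specific than it.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if route.prefixlen <= max_len and origin == asn:
            return "valid"
    # Covered but no matching origin/length is invalid; no covering ROA is unknown.
    return "invalid" if covered else "unknown"

def accepted(state, policy):
    """Hypothetical import policies: reject only invalid, or reject unknown too."""
    if policy == "drop-invalid":
        return state != "invalid"
    if policy == "drop-unknown":
        return state == "valid"
    raise ValueError(policy)

def scenario():
    """Validation states before and after the ROA for 198.51.100.0/24 is revoked."""
    routes = [
        ("192.0.2.0/24", 64496),     # registered, correct origin
        ("192.0.2.0/24", 64511),     # registered, wrong origin
        ("203.0.113.0/24", 64498),   # never registered in the RPKI
        ("198.51.100.0/24", 64497),  # registered, then revoked
    ]
    before = {r: validate(r[0], r[1], VRPS) for r in routes}
    remaining = [v for v in VRPS if v[0] != "198.51.100.0/24"]
    after = {r: validate(r[0], r[1], remaining) for r in routes}
    return before, after

if __name__ == "__main__":
    before, after = scenario()
    for route in before:
        print(route, before[route], "->", after[route],
              "| kept under drop-unknown:", accepted(after[route], "drop-unknown"))
```

After revocation the router sees the same "unknown" state for 198.51.100.0/24 as for the never-registered 203.0.113.0/24, whichever AS originates it.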