[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

deploying RPKI based Origin Validation

Subject: deploying RPKI based Origin Validation
From: job at ntt.net (Job Snijders)
Date: Wed, 18 Jul 2018 19:47:00 +0000
In-reply-to: <[email protected]>
References: <CAL9jLaYExYkkZnCFHXKp_khzdc62W04UbukDbgGsjBuoiQ4CTA@mail.gmail.com> <[email protected]> <CAL9jLaa_oXn-5a=m+mM5E8gETP2YsBvbBNvmee0Lt5vbV6+d2Q@mail.gmail.com> <[email protected]> <CAPkb-7Cq7wr88+QUEPBs-hfw7VSBUXohfAduQH2m16-5PSHa7w@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On Wed, Jul 18, 2018 at 07:30:48PM +0000, Michel Py wrote:
> Not in lieu, but when deploying RPKI is not (yet) possible.  My
> routers are not RPKI capable, upgrading will take years (I'm not going
> to upgrade just because I want RPKI).

Can you elaborate what routers with what software you are using? It
surprises me a bit to find routers anno 2018 which can't do OV in some
shape or form.

> What do I have left : using a subset of RPKI as a blackhole :-(

If you implement 'invalid == blackhole', and cannot do normal OV - it
seems to me that you'll be blackholing the actual victim of a BGP
hijack? That would seem counter-productive.

Kind regards,

Job

Follow-Ups:
- deploying RPKI based Origin Validation
  - From: michel.py at tsisemi.com (Michel Py)
- deploying RPKI based Origin Validation
  - From: randy at psg.com (Randy Bush)

References:
- deploying RPKI based Origin Validation
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- deploying RPKI based Origin Validation
  - From: gtaylor at tnetconsulting.net (Grant Taylor)
- deploying RPKI based Origin Validation
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- deploying RPKI based Origin Validation
  - From: mark.tinka at seacom.mu (Mark Tinka)
- deploying RPKI based Origin Validation
  - From: baldur.norddahl at gmail.com (Baldur Norddahl)
- deploying RPKI based Origin Validation
  - From: mark.tinka at seacom.mu (Mark Tinka)
- deploying RPKI based Origin Validation
  - From: job at ntt.net (Job Snijders)
- deploying RPKI based Origin Validation
  - From: michel.py at tsisemi.com (Michel Py)
- deploying RPKI based Origin Validation
  - From: mark.tinka at seacom.mu (Mark Tinka)
- deploying RPKI based Origin Validation
  - From: michel.py at tsisemi.com (Michel Py)

Prev by Date: Proving Gig Speed
Next by Date: deploying RPKI based Origin Validation
Previous by thread: deploying RPKI based Origin Validation
Next by thread: deploying RPKI based Origin Validation
Index(es):
- Date
- Thread