[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reaching out to ARIN members about their RPKI INVALID prefixes

tor. 20. sep. 2018 02.56 skrev Owen DeLong <owen at delong.com>:

> Again, unless you can trust the data in the IRR to build a complete list
> of valid AS Paths from the ORIGIN, you canâ??t safely reject a fake route
> that has the correct prepend.

Or you can have each hob validate. For example if HE.net did RPKI
validation, it would be effective due to their large number of peerings. If
my network has HE.net as one of my uplinks, someone might fake the route
via one of my other uplinks, but we would not pick that route due to longer
AS path.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180920/faa9ea38/attachment.html>