[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Starting to Drop Invalids for Customers

On 18/Dec/19 00:35, Randy Bush wrote:

> and how does that work out at scale when roa changes need previous bgp
> to be run against them?

If I'm honest, not something I've studied in great detail.

For the moment, we are running RPKI on IOS XE boxes that are doing just
peering. We have not had any routing issues on those, and I do know of a
few networks that had fat-fingered their ROA's that led them to get
dropped on our end due to being Invalid. The issue cleared up after they
fixed their error, and there was no manual intervention needed on these

The customer edge is where we shall be dropping Invalids on this code
base on a much larger scale. Notes to take; plenty...