[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Is BGP safe yet?" test

 â?¦ 22 avril 2020 12:51 -04, Andrey Kostin:

> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
> for validation of prefixes received from peer-as to make ingress
> filtering more dynamic and move away prefix filters from the routers?

It could be used as is if the client implementations were a bit more

With BIRD, you decide which AS to match. So you can match on the
neighbor AS instead of the origin AS. Then, you can use something like
GoRTR which accepts using JSON files instead of the RPKI as source. BIRD
also allows you to have several ROA tables. So, you can check against
the "real" RPKI as well as against your custom IRR-based RPKI.
Choose variable names that won't be confused.
            - The Elements of Programming Style (Kernighan & Plauger)