[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Is BGP safe yet?" test

Vincent Bernat пиÑ?ал 2020-04-22 15:26:
> â?¦ 22 avril 2020 12:51 -04, Andrey Kostin:
>> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
>> for validation of prefixes received from peer-as to make ingress
>> filtering more dynamic and move away prefix filters from the routers?
> It could be used as is if the client implementations were a bit more
> flexible.
> With BIRD, you decide which AS to match. So you can match on the
> neighbor AS instead of the origin AS. Then, you can use something like
> GoRTR which accepts using JSON files instead of the RPKI as source. 
> also allows you to have several ROA tables. So, you can check against
> the "real" RPKI as well as against your custom IRR-based RPKI.

That's what I meant. So I guess IX operators already can use BIRD on 
route-servers for prefix filtering. I think it could be useful on hw 
routers as well.

Kind regards,