[safnog] RPKI discussions

Frank Habicht geier at geier.ne.tz
Sun Apr 12 07:33:01 UTC 2015


Dear friends-in-RPKI,

I want to say(write) something about the discussion regarding RPKI after
Amreesh's talk, during the meeting in beautiful Swaziland.

I like it that he mentioned specifics, like the AS and prefix involved.

So one invalid prefix was/is seen.
I got that right that the number of invalid prefixes from that ASN we
discussed about is one (1) - right ??

1. so that AS did something right (create ROA(s)) and then some little
thing wrong (announce an invalid more specific).
And that poor representative there got a lot of heat for it.

My wild guess is that over half of the ASNs present there didn't even
create any ROAs. I certainly haven't done that yet.
That means I have done nothing. Nothing right and nothing bad.
Why not bash us who're not doing anything about RPKI?

But now my incentives have gone into the negative. Also because of 2. below.
Was that the intention?

2. So how was it noticed that this (invalid) more specific was announced?
Did some networks accept it?
Oh no! Wasn't this RPKI thing so that mis-originations are not accepted?
That's why I asked, and only one person in the meeting said he did not
accept this prefix. Thanks Nishal. But I'm not sure we can call this a
"network" that was dropping that prefix, can we?

So I'd like to say: this whole local-pref reduction is good for what....?
Seems to me like the prefixes still make it everywhere they want to go,
upstream, downstream, RIB, FIB, ...

Is it for testing?
pro-bono bug chasing for the vendors?
Or is this a case of false advertising?

I have to admit that i don't know enough about RPKI, so i might be
missing something. Looking forward to being educated.


I'd like to conclude with thanks to Ali and everyone involved for
organising such a great event!

Frank



More information about the safnog mailing list