[AusNOG] RPKI ROV Inconsistencies
Aftab Siddiqui
aftab.siddiqui at gmail.com
Fri May 7 09:24:25 EST 2021
Thanks Philip,
RPKI Route Origin Validation (ROV) is incrementally deployed inside
> networks, and incrementally across the Default-Free Zone. This means right
> now (and for years to come), operators will see RPKI invalid routes spill
> through the cracks of the global routing system. This is expected and
> unavoidable.
>
Exactly, operators don't do selective filtering, this is how the framework
works. It depends on multiple things and one of them is which RP (relying
party) software is used and what's the refresh cycle [1]. It would have
been selective if they were not installing the ARIN TAL (I don't blame them
for that though).
[1] - https://archive.psg.com/201029.imc-rp.pdf
>
>
> Regards,
>
> Philip
>
>
>
> *From:* AusNOG <ausnog-bounces at lists.ausnog.net> *On Behalf Of *Aftab
> Siddiqui
> *Sent:* Thursday, 6 May 2021 3:34 PM
> *To:* AusNOG at lists.ausnog.net
> *Subject:* [AusNOG] RPKI ROV Inconsistencies
>
>
>
> Hi,
>
> Looking at the data by APNIC Labs, it shows that Telstra, Vocus, Superloop
> etc are not 100% dropping RPKI Invalid Routes.
>
>
>
> https://stats.labs.apnic.net/rpki/AU?o=cQPw7v1p1x0l1
> <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstats.labs.apnic.net%2Frpki%2FAU%3Fo%3DcQPw7v1p1x0l1&data=04%7C01%7Cphilip.loenneker%40tasmanet.com.au%7Cdf2c59f3e23c41d3b3b508d91050c165%7Cb53dc580ab7847208b30536f36d398ac%7C0%7C0%7C637558761298896369%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=H85VCxSyRofaSMylzmQIwC14ignMKWXaOq5%2BAPbaChc%3D&reserved=0>
>
>
>
> I don't receive any invalids transiting AS1221 (I have only 1 transit feed
> though) I don't think operators are selectively dropping invalids on some
> edges. Please correct me if I'm wrong.
>
>
> Regards,
>
> Aftab A. Siddiqui
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20210507/2a050c56/attachment.html>
More information about the AusNOG
mailing list