This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] MERIT Darknet Experiment and RPKI alerts
- Previous message (by thread): [routing-wg] BGP Update Report
- Next message (by thread): [routing-wg] [ipv6-wg] MERIT Darknet Experiment and RPKI alerts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alexb at ripe.net
Fri Nov 9 10:33:24 CET 2012
A number of you have reported that your are getting alert emails from the Resource Certification (RPKI) service. The alerting system can warn you if some of your certified address space has the RPKI validity "Unknown" or "Invalid". The warning people are receiving will look something like this: > There are alerts about BGP announcements with your certified address > space in the Resource Certification (RPKI) service. > > These are BGP announcements with your certified address space that have > the status Unknown. You should create a ROA for each authorised > announcement to make them Valid: > > AS Number Prefix > AS237 2a00::/12 > > You are able to fix and ignore reported issues, change your alert > settings, or unsubscribe by visiting http://certification.ripe.net/. In this case, the alert is triggered for LIRs who hold an IPv6 address block, but do not announce (all of) it. The *unannounced* address space is being "hijacked" by MERIT as part of its darknet experiment: http://www.ripe.net/internet-coordination/news/merit-to-temporarily-use-2a00-0000-12-for-darknet-experiment If you have received the alert, your certified, unannounced IPv6 prefix is hijacked by AS237 because 2a00::/12 is the most specific announcement that overlaps with it. There are two things you can do: 1. Announce *all* of the IPv6 address space you hold. This way AS237 cannot hijack your prefix with a less specific announcement. 2. Suppress the alert for the announcement from AS237 in the Resource Certification (RPKI) system in the LIR Portal. Please note that the RPKI Alerting system uses the RIPE NCC Route Collectors to trigger the errors, so there may be slight differences between what they see and what you actually do. If you have any questions, please do not hesitate to contact me. Kind regards, Alex Band -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2355 bytes Desc: not available URL: </ripe/mail/archives/routing-wg/attachments/20121109/b8458ecb/attachment.p7s>
- Previous message (by thread): [routing-wg] BGP Update Report
- Next message (by thread): [routing-wg] [ipv6-wg] MERIT Darknet Experiment and RPKI alerts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]