This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

Previous message (by thread): [routing-wg] Weekly Routing Table Report
Next message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tijn Buijs ripe-routing-wg at cybertinus.nl
Sat Apr 4 10:20:38 CEST 2020

On 2020-03-26 02:09, Job Snijders wrote:

> Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI
> based BGP Origin Validation on virtually all EBGP sessions, both
> customer and peering edge. This change positively impacts the Internet
> routing system.
> 

Hello Job,

It is the word "virtually" that triggers me :), because in my mind it 
translates to "not all of them". Why haven't you enabled it on all our 
EBGP sessions? And doesn't this make enabling it on the rest of the 
validation less useful? Because if an invalid announcements is received 
on an EBGP session without RPKI validation, doesn't it propagate trough 
the rest of the network via iBGP, and thus make the hijack reachable for 
all of NTT?

I'm sure you guys thought about this, but I'm just wondering what you 
did to prevent the scenario I just described :).

Thanks for making the world a safer place!

Kind regards,
Tijn Buijs

Previous message (by thread): [routing-wg] Weekly Routing Table Report
Next message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]