This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
- Previous message (by thread): [routing-wg] Weekly Routing Table Report
- Next message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tijn Buijs
ripe-routing-wg at cybertinus.nl
Sat Apr 4 10:20:38 CEST 2020
On 2020-03-26 02:09, Job Snijders wrote: > Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI > based BGP Origin Validation on virtually all EBGP sessions, both > customer and peering edge. This change positively impacts the Internet > routing system. > Hello Job, It is the word "virtually" that triggers me :), because in my mind it translates to "not all of them". Why haven't you enabled it on all our EBGP sessions? And doesn't this make enabling it on the rest of the validation less useful? Because if an invalid announcements is received on an EBGP session without RPKI validation, doesn't it propagate trough the rest of the network via iBGP, and thus make the hijack reachable for all of NTT? I'm sure you guys thought about this, but I'm just wondering what you did to prevent the scenario I just described :). Thanks for making the world a safer place! Kind regards, Tijn Buijs
- Previous message (by thread): [routing-wg] Weekly Routing Table Report
- Next message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]