This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Ensuring RPKI ROAs match your routing intent
- Previous message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alex at nlnetlabs.nl
Fri Jun 26 08:30:49 CEST 2020
Hi Randy, > On 25 Jun 2020, at 16:57, Randy Bush <randy at psg.com> wrote: > > alex, > > you point out a serious concern, when creating a ROA will i do damage? > the way the DRL CA gooey has handled this for a decade+ is to have a > full bgp dump and to compare the prospective new ROA to that dump. > krill seems to be following this path. cool. what does the NCC's CA do > in this space (i only use delegated, so do not see it)? The ROA management in the RIPE NCC Portal uses these RIS dumps: http://www.ris.ripe.net/dumps/ As far as I know APNIC and LACNIC offer something similar, with the former also creating matching route objects in the same UI. Krill uses these RIS dumps too for this initial release, but we intend to evolve it over the next releases with something more real-time, as well as letting you plug in a local router feed, add tagging, staging of ROAs, warning of liberal maxLength, etc. Combined with the Prometheus monitoring we already have, it should provide a quick alerting system if problematic announcements appear. Props to DRLs pioneering work. -Alex
- Previous message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]