This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] RPKI Route Origin Validation and AS3333
- Previous message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
- Next message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nathalie Trenaman
nathalie at ripe.net
Fri Mar 19 12:24:43 CET 2021
Hi all, > Op 18 mrt. 2021, om 17:01 heeft Leo Vegoda <leo at vegoda.org> het volgende geschreven: > > Hi, > > On Thu, Mar 18, 2021 at 8:03 AM Nathalie Trenaman <nathalie at ripe.net> wrote: > > [...] > >> What is the Problem? >> Currently, some of our upstream providers already perform ROV. This means that some of our members that potentially misconfigured their ROA or members who have lost control of creation and modification of their ROAs cannot reach our services via those peers. > > [...] > >> From an analysis we made on 10 February, there were 511 of such announcements from our members and End Users. > > If the goal is to do this in a customer friendly way, perhaps consider > creating a website at something like: https://brokenrpki.ripe.net, on > a network that does not validate RPKI, so that users can be provided > with any analytical tools or step-by-step guides thought necessary. First of all, thanks for the warm support for ROV on AS3333. I’m reading all mails and the discussion with great interest. Now, here Leo brings up a tricky point. If we would create such a website, outside of our network, be would basically tell that other party to never-ever do ROV themselves. I don’t think that we can (or should) demand that from another network. Also, other operational “back doors” are not a good idea, as we try to equally protect the registry and the routing table. This will have consequences. Operators who “locked themselves out” should use another network to reach the LIR Portal. Apart from a big warning in the LIR Portal if they are about to do something that can lock them out (as Gert mentioned) , there isn’t much we can do. And from what I read here, there isn’t much more we should do. Kind regards, Nathalie Trenaman RIPE NCC
- Previous message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
- Next message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]