<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> Hi Tim, Currently we don't have any entries in the whitelist. The idea is to fill it with prefixes that if dropped will cause issues to our customers. Hopefully they shouldn't remain there for a long time. <pre class="moz-signature" cols="72">-- Tassos </pre> <div class="moz-cite-prefix">Tijn Buijs wrote on 10/2/2020 14:32: </div> <blockquote type="cite" cite="mid:1e9ef02c2ef1bf606958bbb7bdeb3f36@cybertinus.nl"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> Hello Tassos, Very good that you started dropping invalids! This will make the internet a safer place for everybody! One question though: have you had any entries on your whitelist? And if so, can you share the prefixes on it? And have you started any actions to have the prefixes removed from the whitelist by getting them valid somehow? <div id="signature"> <div class="pre" style="margin: 0; padding: 0; font-family: monospace">Kind regards, Tijn Buijs</div> </div> On 2020-02-10 11:25, Tassos Chatzithomaoglou wrote: <blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"> <div id="replybody1"> <div>Hi to everyone, I would like to inform you that it's been almost one month since Forthnet started dropping invalid prefixes on all peering/transit links, either national or international. It's important to note that during this month we haven't received any complaints. Having monitored the invalid prefixes for more than a year and experimenting with routing them across different links, we decided that it was time to move to the next phase and start dropping prefixes that are declared as invalid in the RPKI ecosystem. Two were the main reasons that helped us take the drop decision: a) during the last year our volume of invalid prefixes traffic decreased from ~1% of total traffic to less than 0,2%, b) we updated our prefix validation policy by including a whitelist (until we evaluate SLURM) in order to bypass issues quickly if/when they arise. Note #1: in the context of the above actions we have noticed that invalid prefixes used for testing purposes have recently begun to grow (each large provider creates one?). This may lead to incorrect conclusions in the future (at least in terms of prefixes, since i don't expect traffic from those). Maybe these invalid prefixes should have some extra "attributes" in order to be recognized more easily while troubleshooting. Note #2: In order to increase adoption of a similar policy, maybe MANRS should be updated to promote dropping invalids. If i'm not mistaken, their current action is about creating ROAs only. -- Tassos </div> </div> </blockquote> </blockquote> </body> </html>