On Mon, Jun 5, 2023 at 7:29 PM Michel Py via ARIN-PPML <arin-ppml@arin.net> wrote: > As many others here do, I use BGP blackhole feeds (RTBH). This technique has > been around for a long time. > It is quite a common situation in some orgs to have the in-house SIEM/IDS > redistribute blackhole prefixes via a BGP feed.
Hi Michel, I believe you can set up an in-house trust anchor and use it to sign the routes you distribute internally. Then your routers would consider the RBL routes to be RPKI valid. But wouldn't this be a more appropriate discussion for an operations mailing list like NANOG or a Cisco-specific mailing list? There's not really anything ARIN can do about how Cisco implements RPKI. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/ _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
