Hi Michel, On Tue, Jun 06, 2023 at 02:29:35AM +0000, Michel Py via ARIN-PPML wrote: > The problem here is that RPKI validation is at the very top of the BGP > bestpath decision process, before weight and local-preference, without > any way to change that.
Can you share your device's network configuration? It sounds to me that you configured your devices to apply RPKI-ROV and reject RPKI-invalid routes coming in via the blackhole BGP sessions, and now are surprised that RPKI-invalid routes are rejected on the blackhole BGP sessions. You could configure your devices to not do RPKI-ROV on the blackhole BGP sessions (essentially granting the blackhole BGP server unfiltered access into your network), and continue to do RPKI-ROV on all other EBGP sessions (transit, peering, private peering, customer facing). > I am not deploying it because I don't want it or don't understand it, > I am not deploying it because it simply does not work for me. Please keep an open mind that there might be a misunderstanding somewhere. Kind regards, Job _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
