On Tue, Jun 06, 2023 at 05:38:33PM +0000, Michel Py wrote:
> I don't think that this is specific to Cisco, just happens to be the
> implementation I use.

It seems to be specific to the implementation you use.

> I'm not following you here; RPKI-ROV is not configured on a per-peer
> or a per-session basis, what am I missing here? As mentioned
> earlier, a different route-map for different purposes has no effect on
> the best path decision. No matter what the situation, a valid RPKI
> prefix will always become the best path, which leads directly to
> blanketing the entire address space as valid at the RTR level to
> resolve.

In many (if not all) BGP implementations RPKI-ROV can be configured on a
per-peer or per-session basis.

I'll make a wild guess (based on a hostname you shared in an earlier
message I think you use Cisco IOS XE), and therefore I suspect you'll
want to configure:

    "bgp bestpath prefix-validate allow-invalid"

(under the "router bgp <ASN>" hierarchy.)

Then, in a route-map (specific to the blackhole sessions), increase the
LOCAL_PREF to higher than the other BGP routes you wish to override.

See the documentation [1].

This is my last message on the topic as Brad Gorman noted, this
conversation might be a bit off-topic. To me it seems a configuration
problem, not a policy problem. You can message me off-list if you have
more questions on how to deploy RPKI-ROV!

Kind regards,

Job

[1]: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/bgp-origin-as-validation.html
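
The two steps suggested in the message above, written out as an added IOS XE configuration sketch that is not part of the original e-mail or of Cisco's documentation. AS 64500, the neighbor address 192.0.2.1, the route-map name BLACKHOLE-IN and the LOCAL_PREF value 200 are constructed placeholders.

```text
! Added example; ASN, neighbor, route-map name and LOCAL_PREF value are placeholders.
router bgp 64500
 ! Step 1 from the message: allow RPKI-invalid routes to be used as best path.
 bgp bestpath prefix-validate allow-invalid
 neighbor 192.0.2.1 remote-as 64500
 address-family ipv4
  neighbor 192.0.2.1 activate
  ! Step 2: attach the policy to the blackhole session only, not to other peers.
  neighbor 192.0.2.1 route-map BLACKHOLE-IN in
 exit-address-family
!
route-map BLACKHOLE-IN permit 10
 ! Must be higher than the LOCAL_PREF of the routes to override (IOS default is 100).
 set local-preference 200
```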