Hi,
Would anyone be able to explain the below phenomenon?
RPKI Origin validation marks net 45.227.254.0/24 as INVALID as it expects
it to be originated by ASN: 395978
c1001-08-10#sh ip bgp 45.227.254.0/24
BGP routing table entry for 45.227.254.0/24, version 221816327
Paths: (1 available, no best path)
Not advertised to any peer
Refresh Epoch 1
6461 3257 42624 *51852*
128.177.133.177 from 128.177.133.177 (64.125.0.193)
Origin IGP, metric 100, localpref 90, valid, external
Community: 423434093
path 7F76F542CF58 *RPKI State invalid*
rx pathid: 0, tx pathid: 0
c1001-08-10#show ip bgp rpki table | inclu 45.227.254.0
45.227.254.0/24 24 395978 0 10.250.80.18/8082
45.227.254.0/24 24 395978 0 10.250.80.18/8323
c1001-08-10#
But it comes from 51852 which according to ipinfo or bgpview is legitimate
ASN:
https://ipinfo.io/AS51852/45.227.254.0/24
https://bgpview.io/prefix/45.227.254.0/24
As I see similar discrepancies in many global networks I would like to ask
who to trust ? If RPKI data is not valid then I think we have a real
problem.
The particular net is a bit interesting ...
cleantalk.org reports it is coming from Swiss:
https://cleantalk.org/whois/45.227.254.0 but in the same time when searched
..240/32 is suddenly reported coming from germany and is marked as spam:
https://cleantalk.org/whois/45.227.254.240
Many thx,
Robert.
_______________________________________________
GROW mailing list
GROW@ietf.org
https://www.ietf.org/mailman/listinfo/grow
