Mark wrote: > So the validator is not even showing either /24, only the /23. > Could it be implementing RFC 6907?
https://github.com/RIPE-NCC/rpki-validator-3 ... > All of my IOS XR routers do not have the /24's in RIB, even if > marked as Invalid. So either IOS XR is implementing RFC 6907 > aggressively, or the remote side is doing the same and dropping > them before I get them (which would mean they are either running > IOS XR, Interesting. 7018 mentioned for another prefix "2402:7500::/32. Our IOS-XR routers see the received as-path as '2914 9924 9924 9924 {24158,131614}'. The relevant VRP authorizes only 24158 to originate 2402:7500::/32-48." The only difference I see here for 194.45.183.0/24 is, that the ROA is for the 2nd AS in the AS_SET, above there is (or was) a match for the first. > or are working around the lack of this RFC in Junos. Any idea how to workaround this in JunOS other than building filters "somewhere else"? I wouldn't know how to easily drop paths with AS_SET in JunOS. Markus -- AS286 - still here ... _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp