Thanks y’all. It’s interesting that routing works without RPKI. And if I put in my RIR-based ROAs, it will invalidate any rogue advertisements…and now validate mine. Someone previously mentioned that if a bad actor tries to advertise a prefix with my AS as the origin (first “last” AS in the path list) that it could maybe circumvent RPKI…? I wouldn’t think it would be that easy. Or should I say I really hope it wouldn’t be that easy.
Aaron

> On May 17, 2025, at 10:57 PM, Job Snijders <[email protected]> wrote:
>
> On Thu, May 15, 2025 at 11:26:11AM -0500, Aaron Gould via NANOG wrote:
>> ok ok, now I understand and am a believer!
>>
>> some of our address space was hijacked. i did the arin.net roa entries, and
>> BAM-O... moments later, all my routes are validated and the erroneous
>> hijacked routes are gone!
>>
>> love it
>
> had a similar experience at my previous employer:
> https://www.fastly.com/blog/war-story-rpki-is-working-as-intended
>
> What used to be a large outage now ends up being no big deal
>
> Kind regards,
>
> Job
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/BZ5PYYQBJW7KB2BC3RJIP57RHQQZCHHV/
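
The origin check asked about in this thread, as an added example that is not part of the original messages: a minimal RFC 6811 route origin validation in Python, run over a constructed ROA and constructed announcements (documentation prefix and ASNs; the function names are hypothetical). It shows that validation compares only the origin AS and the prefix length, so a path that ends in the ROA's AS still validates at the registered length, while the ROA's maxLength rejects a more-specific.

```python
import ipaddress

# Constructed ROA: (prefix, maxLength, origin ASN). Documentation values only.
ROAS = [("203.0.113.0/24", 24, 64496)]

def origin_of(as_path):
    """The origin AS is the last (rightmost) AS in the received path."""
    return as_path[-1]

def validate(prefix, as_path, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' following RFC 6811."""
    route = ipaddress.ip_network(prefix)
    origin = origin_of(as_path)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if roa_asn == origin and route.prefixlen <= max_len:
            return "valid"
    # Covered by a ROA but no ASN/length match: invalid. No cover: not-found.
    return "invalid" if covered else "not-found"

# Constructed announcements: label -> (prefix, AS path as received).
ANNOUNCEMENTS = {
    "holder":                 ("203.0.113.0/24", [64500, 64496]),
    "wrong origin":           ("203.0.113.0/24", [64500, 64511]),
    "wrong origin, /25":      ("203.0.113.0/25", [64511]),
    "origin AS appended":     ("203.0.113.0/24", [64500, 64511, 64496]),
    "origin AS appended /25": ("203.0.113.0/25", [64511, 64496]),
    "no ROA":                 ("198.51.100.0/24", [64502]),
}

def classify_all():
    """Validation state for every constructed announcement."""
    return {label: validate(prefix, path)
            for label, (prefix, path) in ANNOUNCEMENTS.items()}

if __name__ == "__main__":
    for label, state in classify_all().items():
        print(f"{label:24} {state}")
```

Origin validation does not inspect the rest of the AS path, which is why the "origin AS appended" case is valid at /24; keeping maxLength equal to the announced length is what makes the /25 variant invalid.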
