Sabri Berisha wrote on 19/08/2021 00:57:
----- On Aug 18, 2021, at 4:03 PM, Rubens kuhlrube...@gmail.com wrote:
Hi,
Currently RPKI can only validate origin, not paths. If/when a path
validation solution is available, then one easy way to know that
network A really means to peer with network B is to publish a path
validation that B can use and/or forward A's announcements.
Yes, that would be a relatively easy thing to calculate.
if this were easy, we'd have solved the problem space years ago. It's
complicated because the description mechanism needs to be able to
describe the complete set of all inter-as connectivity arrangements
written in a language which is simple enough for people to be able to
update it easily, which can be parsed by language interpreters
relatively easily (allowing toolkits to be written / ), and which is
flexible enough to output complex instructions including optimized
regexps, routing metrics, etc, on a per-prefix, per-asn,
per-interconnection point basis. RPSL attempted these things and
probably failed on all three points. There have been some other
attempts, but none came up with any usable outputs.
Nick
