Some IX'es set communities telling which member announced that prefix; if SIX is one of those, that can be used to automate origin verification.
Rubens On Mon, Oct 4, 2021 at 2:08 PM Randy Bush <ra...@psg.com> wrote: > > so i have an AS (3130) which peers at the SIX (RSs and some direct). > > in the hope that leak detectors such as artemis would stop false > positives when they see my prefixes announced customer cones of SIX > peers, i want to add the SIX peers to my aut-num: policy. > > export: to AS-SEATTLEIX-RS-CLIENTS announce AS-RG-SEA > > seems clear and obvious. but > > import: from AS-SEATTLEIX-RS-CLIENTS accept AS-SEATTLEIX-RS-CLIENTS > > would seem to allow bill's bait and sushi to announce microsoft to me. > and i am not sure that expansive `from` clause is actually allowed. > > what are others in this space doing? > > [ and let's not descend into the rat-hole of dissing the IRR. i have > heard of this RPKI thing and might try it some day. ] > > randy > > --- > ra...@psg.com > `gpg --locate-external-keys --auto-key-locate wkd ra...@psg.com` > signatures are back, thanks to dmarc header butchery