Hi nusenu, > Op 17 mrt. 2019, om 09:23 heeft nusenu <[email protected]> het volgende > geschreven: > > Randy Bush: >>> Are 0.0.0.0/0 routes filtered by RIPEstat but >>> included in RIS dumps? >>> Should rpki-validator filter them out? >> >> as the rirs each have a cert for 0/0, shouldn't the validator should be >> prepared to evaluate 0/0? > > just to clarify: I didn't mean to say that validtor 3 isn't > prepared to evaluate 0/0. > The strange results originated from my tools that did not > expect 0/0 routes in validator's BGP preview - but I will fix my side. > > And to clarify "strange results": I'm regularly looking at > how we are doing with RPKI misconfigurations (RPKI Observatory) and the > last output suggested that we are down to 0 unreachable > RPKI IP address space because _every_ INVALID announcement > had an alternative path via 0/0 from AS15576 which is obviously not correct.
The data in the validator is consistent with the data in RIS: https://stat.ripe.net/widget/announced-prefixes#w.resource=15576 <https://stat.ripe.net/widget/announced-prefixes#w.resource=15576> You can see 0.0.0.0/0 (and ::/0 by the way) there. Out of curiosity, did you ping them about these mis-announcements already? Nathalie
signature.asc
Description: Message signed with OpenPGP
