On 19/03/2021 10:06, Ben Maddison via routing-wg wrote:
Hi Nathalie,
On 03/18, Nathalie Trenaman wrote:
Dear Colleagues, Working Group,
As discussed previously in this mailing list, some community members
expressed that they would like to see the RIPE NCC perform Route
Origin Validation on AS3333. We decided to ask the community for
advice and guidance on how we should proceed.
What is Route Origin Validation? Route Origin Validation is a
mechanism by which route advertisements can be authenticated as
originating from an expected autonomous system (AS). The best current
practice is to drop RPKI invalid BGP announcements. These are
announcements that conflict with the statement as described in a Route
Origin Authorization (ROA).
I believe that you have hit the nail on the head here: dropping ROV
Invalids has (IMO) now become the best practice for operators of all
sizes. It is no longer some experimental technique for academics and
people that live at the bleeding edge.
We wouldn't have the same debate about dropping martians, right?
I am not sure it is possible, but I would love to see some centralized
site where all dropped ROV invalids would appear. This way I can see if
I have a problem as well as if someone tried to hijack my space but was
thwarted by the drop.
Regards,
Hank
Caveat: The views expressed above are solely my own and do not express
the views or opinions of my employer
