Thank you again to all for the advice :)
-- Original Message --
From: "Joseph Goldman"
To: "ausnog@lists.ausnog.net"
Sent: 23/05/2024 4:50:44 PM
Subject: Re: [AusNOG] Experiences with RPKI
Thank you to everyone who reached out on and off list!
I have curbed the
4 3:46:53 PM
Subject: [AusNOG] Experiences with RPKI
G'day list,
In the process of rolling out RPKI - and while I thought I had a good
grasp on everything, there is one niggling piece of information that
I've come against and can't verify. Was hoping people can share their
experiences.
W
" mailto:phil.maw...@gmail.com>>
> To: "Joseph Goldman" mailto:jos...@goldman.id.au>>
> Cc: "ausnog@lists.ausnog.net <mailto:ausnog@lists.ausnog.net>"
> mailto:ausnog@lists.ausnog.net>>
> Sent: 23/05/2024 3:52:54 PM
> Subject: Re: [AusNOG] Expe
> Thanks,
> Joe
>
> -- Original Message --
> From: "Phil Mawson"
> To: "Joseph Goldman"
> Cc: "ausnog@lists.ausnog.net"
> Sent: 23/05/2024 3:52:54 PM
> Subject: Re: [AusNOG] Experiences with RPKI
>
>> Hi Joe,
>>
>>
quired.
>
> Thanks,
> Joe
>
> -- Original Message ------
> From: "Phil Mawson"
> To: "Joseph Goldman"
> Cc: "ausnog@lists.ausnog.net"
> Sent: 23/05/2024 3:52:54 PM
> Subject: Re: [AusNOG] Experiences with RPKI
>
>> Hi Jo
Hi Joe,
Well you are always going to run into issues! All of these tools introduce
novel forms of failure! :-)
In answer to your specific question, not advertising all of the prefixes for
which you have ROAs will not cause any issues at all. When you create a ROA
you, as the prefix holder,
and
> maintain flexibility to not wait multiple hours before we can advertise a
> new prefix if required.
>
> Thanks,
> Joe
>
> -- Original Message --
> From: "Phil Mawson"
> To: "Joseph Goldman"
> Cc: "ausnog@lists.ausnog.net"
>
.net"
Sent: 23/05/2024 3:52:54 PM
Subject: Re: [AusNOG] Experiences with RPKI
Hi Joe,
First up, well done on working on your RPKI roll out. Signing your own
routes is the most important step you can take to protect your own
network.
In regards to using max length, I do advise against
Hi Joe,
Great work on ROA and RPKI.
Like you said, it is recommended to create ROAs for the prefixes that you
advertise. In other words, create the minimum number of ROAs to cover the exact
prefixes that you advertise to avoid “Validated Hijack”.
> On 23 May 2024, at 3:46 PM, Joseph Goldman
Hi Joe,
First up, well done on working on your RPKI roll out. Signing your own routes
is the most important step you can take to protect your own network.
In regards to using max length, I do advise against that, as what it means is
someone can still hijack one of your un-advertised routes and it
G'day list,
In the process of rolling out RPKI - and while I thought I had a good
grasp on everything, there is one niggling piece of information that
I've come against and can't verify. Was hoping people can share their
experiences.
We are only doing our ROAs to begin with and not