[135975] in North American Network Operators' Group
Re: Level 3's IRR Database
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jan 31 09:37:32 2011
Date: Mon, 31 Jan 2011 23:35:49 +0900
From: Randy Bush <randy@psg.com>
To: Jack Bates <jbates@brightok.net>
In-Reply-To: <4D46C775.1030503@brightok.net>
Cc: nanog@nanog.org

>> when there is no roa for the arriving prefix, a roa for the covering
>> prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.

> Ahh, very good. I think that was the only concern. Presumably that
> would invalidate the route and it would be discarded vs deprefed.

well, i am not sure you want to discard it. this is where the op has to
make a decision. in a world of partial deployment and ops and customers
still learning how to deal with this stuff, should it be discarded?

again from draft-ietf-sidr-rpki-origin-ops-04.txt

   Local policy using relative preference is suggested to manage the
   uncertainty associated with a system in flux, applying local policy
   to eliminate the threat of unroutability of prefixes due to
   ill-advised certification policies and/or incorrect certification
   data. E.g. until the community feels comfortable relying on RPKI
   data, routing on Invalid origin validity, though at a low
   preference, will likely be prevalent for a long time.

but you configure your routers as you think best.

randy
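
Added example, not part of the original message or of either draft: a Python sketch of the covering-ROA lookup discussed above, with the resulting validity state mapped to a local preference rather than a discard. The ROA entries, AS numbers, local-preference values and function names are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample ROAs (prefix, maxLength, origin AS) using documentation
# prefixes and reserved AS numbers; not real RPKI data.
ROAS = [
    ("192.0.2.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64500),
]

# Hypothetical local policy: invalid routes stay routable at a low
# preference instead of being discarded.
LOCAL_PREF = {"valid": 200, "not-found": 100, "invalid": 50}


def validate(prefix, origin_as, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for an announced route."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version != route.version:
            continue
        # A ROA applies when its prefix equals or covers the route's prefix.
        if not route.subnet_of(roa_net):
            continue
        covered = True
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    # Covered by some ROA but matched by none: invalid. No cover: not-found.
    return "invalid" if covered else "not-found"


def local_pref(prefix, origin_as, roas=ROAS):
    """Map the validity state to a local preference (never a discard)."""
    return LOCAL_PREF[validate(prefix, origin_as, roas)]


if __name__ == "__main__":
    for pfx, asn in [
        ("2001:db8:1::/48", 64500),  # covered, length and origin match
        ("2001:db8:1::/48", 64511),  # covered, wrong origin
        ("192.0.2.0/25", 64501),     # covered, longer than maxLength
        ("203.0.113.0/24", 64500),   # no covering ROA
    ]:
        print(pfx, asn, validate(pfx, asn), local_pref(pfx, asn))
```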