[135995] in North American Network Operators' Group
Re: Level 3's IRR Database
daemon@ATHENA.MIT.EDU (Andree Toonk)
Mon Jan 31 13:18:20 2011
Date: Mon, 31 Jan 2011 10:17:07 -0800
From: Andree Toonk <andree+nanog@toonk.nl>
To: Randy Bush <randy@psg.com>
In-Reply-To: <m21v3t8rtd.wl%randy@psg.com>
Cc: nanog@nanog.org
Reply-To: andree@toonk.nl
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Randy,
.-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy
Bush wrote:
> so i am not sure what your point is. please clarify with a concrete
> example.
Adjusting a route's degree of preference in the selection algorithm
based on its validation state only works if it's exactly the same prefix.

Jack already sort of explained what I meant, but here's an example:

Assume that YouTube's prefix had a ROA like this:

Origin ASN: AS36561
Prefixes: 208.65.152.0/22

Now AS17557 starts to announce a more specific: 208.65.153.0/24.
Validators would classify this as Invalid (2).

If we would only use local-prefs, routers would still choose to send it
to AS17557 (Pakistan Telecom) as it's a more specific.

So in cases where the invalid announcement is a more specific, the only
way to prevent 'hijacks' is to actually drop these 'invalid'
announcements from day one.

I understand this is by design, but I can imagine some operators will be
reluctant to actually drop routes when they start testing RPKI
deployments in their networks.

Cheers,
Andree
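
The scenario in the message above, worked through in code. This is an added example, not part of the original e-mail: it compares a "lower local-pref for invalids" policy with a "drop invalids" policy under longest-prefix-match forwarding. The function names, the local-pref values and the maxLength default (equal to the ROA prefix length, since the message gives none) are assumptions.

```python
import ipaddress

# ROA from the message: (prefix, maxLength, origin ASN).
# maxLength is assumed to equal the prefix length; the message does not state one.
ROAS = [(ipaddress.ip_network("208.65.152.0/22"), 22, 36561)]

# Announcements from the message: (prefix, origin ASN).
ANNOUNCEMENTS = [
    (ipaddress.ip_network("208.65.152.0/22"), 36561),
    (ipaddress.ip_network("208.65.153.0/24"), 17557),
]

def validate(prefix, origin, roas=ROAS):
    """Origin validation in the style of RFC 6811: valid / invalid / not-found."""
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if prefix.version == roa_prefix.version and prefix.subnet_of(roa_prefix):
            covered = True
            if prefix.prefixlen <= max_len and origin == roa_asn:
                return "valid"
    return "invalid" if covered else "not-found"

def build_rib(announcements, policy):
    """policy 'local-pref' keeps invalids at lower preference; 'drop' rejects them."""
    pref = {"valid": 200, "not-found": 100, "invalid": 50}  # constructed values
    rib = {}
    for prefix, origin in announcements:
        state = validate(prefix, origin)
        if policy == "drop" and state == "invalid":
            continue
        best = rib.get(prefix)
        # Local-pref only breaks ties between routes for the *same* prefix.
        if best is None or pref[state] > best[1]:
            rib[prefix] = (origin, pref[state], state)
    return rib

def forward(rib, destination):
    """Longest-prefix match picks the route; returns the origin ASN or None."""
    addr = ipaddress.ip_address(destination)
    matches = [p for p in rib if addr in p]
    if not matches:
        return None
    return rib[max(matches, key=lambda p: p.prefixlen)][0]

if __name__ == "__main__":
    for policy in ("local-pref", "drop"):
        rib = build_rib(ANNOUNCEMENTS, policy)
        print(policy, "-> 208.65.153.1 is sent toward AS%d" % forward(rib, "208.65.153.1"))
```

With the local-pref policy the /24 stays in the table and wins on prefix length regardless of its preference; only the drop policy returns traffic for 208.65.153.0/24 to the covering /22.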