[136005] in North American Network Operators' Group
Re: Level 3's IRR Database
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Mon Jan 31 15:11:31 2011
In-Reply-To: <4D46FCA3.1050509@toonk.nl>
Date: Mon, 31 Jan 2011 15:11:27 -0500
From: Christopher Morrow <morrowc.lists@gmail.com>
To: andree@toonk.nl
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk <andree+nanog@toonk.nl> wrote:
> Hi Randy,
>
> .-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush
> wrote:
>
>> so i am not sure what your point is.  please clarify with a concrete
>> example.
>
> Adjusting a route's degree of preference in the selection algorithm based on
> its validation state only works if it's exactly the same prefix.
>
> Jack already sort of explained what I meant, but here's an example
>
> Assume that youtube's prefix had a roa like this
> Origin ASN:     AS36561
> Prefixes:       208.65.152.0/22
>
> Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators
> would classify this as Invalid (2).
> If we would only use local-prefs, routers would still choose to send it to
> AS17557 (Pakistan Telecom) as it's a more specific.
>
> So in cases where the invalid announcement is a more specific, the only way
> to prevent 'hijacks' is to actually drop these 'invalid' announcements from
> day one.
>
> I understand this is by design, but I can imagine some operators will be
> reluctant to actually drop routes when they start testing RPKI deployments
> in their networks.
yes, but what is the way forward?
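
The scenario in the quoted message, as an added example that is not part of the original thread: a Python sketch of RFC 6811-style origin validation plus longest-prefix-match forwarding, comparing a policy that lowers local-pref on invalid routes with one that drops them. The local-pref values, policy names, function names and the ROA maxLength (taken as the prefix length, since the message gives none) are assumptions.

```python
import ipaddress

# ROA from the message: (prefix, max length, origin ASN). maxLength is not
# stated there; assumed equal to the prefix length (the RFC 6811 default).
ROAS = [(ipaddress.ip_network("208.65.152.0/22"), 22, 36561)]

def validate(prefix, origin_asn, roas=ROAS):
    """Origin validation in the RFC 6811 sense: 'valid', 'invalid' or 'not-found'."""
    prefix = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if prefix.version == roa_prefix.version and prefix.subnet_of(roa_prefix):
            covered = True  # at least one ROA covers this announcement
            if prefix.prefixlen <= max_len and origin_asn == roa_asn:
                return "valid"
    return "invalid" if covered else "not-found"

def build_rib(announcements, policy):
    """Apply a hypothetical import policy; return {prefix: (local_pref, origin_asn)}."""
    rib = {}
    for prefix, origin in announcements:
        state = validate(prefix, origin)
        if policy == "drop-invalid" and state == "invalid":
            continue
        local_pref = 50 if (policy == "depref-invalid" and state == "invalid") else 100
        net = ipaddress.ip_network(prefix)
        # Local-pref only breaks ties between routes for the *same* prefix.
        if net not in rib or local_pref > rib[net][0]:
            rib[net] = (local_pref, origin)
    return rib

def forward(rib, destination):
    """Longest-prefix match: the most specific route wins, whatever its local-pref."""
    dst = ipaddress.ip_address(destination)
    matches = [net for net in rib if dst in net]
    if not matches:
        return None
    return rib[max(matches, key=lambda n: n.prefixlen)][1]

# The two announcements from the message: the legitimate /22 and the more-specific /24.
ANNOUNCEMENTS = [("208.65.152.0/22", 36561), ("208.65.153.0/24", 17557)]

if __name__ == "__main__":
    for policy in ("depref-invalid", "drop-invalid"):
        rib = build_rib(ANNOUNCEMENTS, policy)
        print(policy, "-> 208.65.153.10 is forwarded toward AS", forward(rib, "208.65.153.10"))
```
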