[NLNOG] deploying RPKI based Origin Validation
Job Snijders
job at instituut.net
Fri Jul 13 00:09:45 CEST 2018
On Thu, Jul 12, 2018 at 11:44:28PM +0200, M. Piscaer wrote:
> > From my perspective you are almost squacky clean! I see two invalids
> > 88.159.27.0/24 (invalid, but covered by valid route 88.159.0.0/16) and
> > 94.103.31.0/24 (also covered by valid 94.103.16.0/20). I'm sure there
> > are more, but if you drop these two prefixes it shouldn't result in loss
> > of connectivity because there are covering valid routes.
>
> A patently I needed to publish the RPKI cert of 88.159.27.0/24. Thanks
> for the headsup.
Yes, it seems that adding a separate extra ROA just for the /24 is
better than using "MaxLength=24".
Wall of text on what that is :-) https://tools.ietf.org/html/draft-ietf-sidrops-rpkimaxlen
Kind regards,
Job
More information about the NLNOG
mailing list