[NLNOG] AS3265 (XS4ALL) dropping invalid prefixes

Tim Reinders timr at xs4all.net
Tue May 21 15:08:00 CEST 2019

Hello all,

AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.

We run two geographically spread instances of Routinator.
Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”

As of yet no real (customer) impact, this is reflected in the volume of traffic in 
netflow data containing RPKI invalid prefixes (pre/post reject)

Remaining work is rejecting invalids on customer BGP sessions (handful) and writing
meaningful alerts for our monitoring-stack (prometheus/alertmanager)

Tim Reinders
timr on #nlnog

More information about the NLNOG mailing list