[NLNOG] AS3265 (XS4ALL) dropping invalid prefixes
timr at xs4all.net
Tue May 21 15:08:00 CEST 2019
AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
We run two geographically spread instances of Routinator.
Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”
As of yet no real (customer) impact, this is reflected in the volume of traffic in
netflow data containing RPKI invalid prefixes (pre/post reject)
Remaining work is rejecting invalids on customer BGP sessions (handful) and writing
meaningful alerts for our monitoring-stack (prometheus/alertmanager)
timr on #nlnog
More information about the NLNOG