[NLNOG] AS3265 (XS4ALL) dropping invalid prefixes

Tim Reinders timr at xs4all.net
Wed May 22 08:34:00 CEST 2019


Hello Stavros,

Yes, we use RTR as described in the Juniper documentation.

No, we might want to publish a list of dropped prefixes, where clueful customers can
check if the unreachability is a result of dropping that invalid prefix.

Regards,
Tim Reinders
XS4ALL  

> On 21 May 2019, at 16:55, Stavros Konstantaras <stavros.konstantaras at ams-ix.net> wrote:
> 
> Hi Tim,
> 
> Well done for the good work and nice to see you using Routinator for this job. I have two questions though:
> 
> - Shall I assume that you use the RTR protocol between your MX routers and routinator? 
> - (Speaking as an XS4ALL customer) will you notify your customers about the invalid/dropped prefixes
>    when you apply the policy to customer connections?
> 
> 
> Best regards,
> 
> Stavros Konstantaras | NOC Engineer | AMS-IX 
> M +31 (0) 620 89 51 04 | T +31 20 305 8999
> ams-ix.net
> 
> 
>> On 21 May 2019, at 13:08, Tim Reinders <timr at xs4all.net> wrote:
>> 
>> Hello all,
>> 
>> AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
>> 
>> We run two geographically spread instances of Routinator.
>> Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2".
>> 
>> As of yet no real (customer) impact, this is reflected in the volume of traffic in 
>> netflow data containing RPKI invalid prefixes (pre/post reject)
>> 
>> Remaining work is rejecting invalids on customer BGP sessions (handful) and writing
>> meaningful alerts for our monitoring-stack (prometheus/alertmanager)
>> 
>> Regards,
>> Tim Reinders
>> XS4ALL
>> timr on #nlnog