[NLNOG] AS3265 (XS4ALL) dropping invalid prefixes
timr at xs4all.net
Wed May 22 08:34:00 CEST 2019
Yes, we use RTR as described in the Juniper documentation.
No, we might want to publish a list of dropped prefixes, where clueful customers can
check if the unreachability is a result of dropping that invalid prefix.
> On 21 May 2019, at 16:55, Stavros Konstantaras <stavros.konstantaras at ams-ix.net> wrote:
> Hi Tim,
> Well done for the good work and nice to see you using routinator for this job. I have two questions though:
> - Shall I assume that you use the RTR protocol between your MX routers and routinator?
> - (Speaking as an XS4All customer) will you notify your customers for the invalid/dropped prefixes
> when you apply the policy to customer connections?
> Best regards,
> Stavros Konstantaras | NOC Engineer | AMS-IX
> M +31 (0) 620 89 51 04 | T +31 20 305 8999
>> On 21 May 2019, at 13:08, Tim Reinders <timr at xs4all.net> wrote:
>> Hello all,
>> AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
>> We run two geographically spread instances of Routinator.
>> Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”
>> As of yet no real (customer) impact, this is reflected in the volume of traffic in
>> netflow data containing RPKI invalid prefixes (pre/post reject)
>> Remaining work is rejecting invalids on customer BGP sessions (handful) and writing
>> meaningful alerts for our monitoring-stack (prometheus/alertmanager)
>> Tim Reinders
>> timr on #nlnog
>> NLNOG mailing list
>> NLNOG at nlnog.net
More information about the NLNOG