Hi Tim,

Well done for the good work and nice to see you using routinator for this job. I have two questions though: 

- Shall I assume that you use the RTR protocol between your MX routers and routinator? 
- (Speaking as an XS4ALL customer) will you notify your customers for the invalid/dropped prefixes 
   when you apply the policy to customer connections?


Best regards,

Stavros Konstantaras | NOC Engineer | AMS-IX 
M +31 (0) 620 89 51 04 | T +31 20 305 8999
ams-ix.net



On 21 May 2019, at 13:08, Tim Reinders <timr@xs4all.net> wrote:

Hello all,

AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.

We run two geographically spread instances of Routinator.
Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”

As of yet no real (customer) impact, this is reflected in the volume of traffic in
netflow data containing RPKI invalid prefixes (pre/post reject)

Remaining work is rejecting invalids on customer BGP sessions (handful) and writing
meaningful alerts for our monitoring-stack (prometheus/alertmanager)

Regards,
Tim Reinders
XS4ALL
timr on #nlnog
_______________________________________________
NLNOG mailing list
NLNOG@nlnog.net
http://mailman.nlnog.net/listinfo/nlnog