21 May
2019
21 May
'19
3:08 p.m.
Hello all, AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers. We run two geographically spread instances of Routinator. Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2” As of yet no real (customer) impact, this is reflected in the volume of traffic in netflow data containing RPKI invalid prefixes (pre/post reject) Remaining work is rejecting invalids on customer BGP sessions (handful) and writing meaningful alerts for our monitoring-stack (prometheus/alertmanager) Regards, Tim Reinders XS4ALL timr on #nlnog