AS3265 (XS4ALL) dropping invalid prefixes
Hello all, AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers. We run two geographically spread instances of Routinator. Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2” As of yet no real (customer) impact, this is reflected in the volume of traffic in netflow data containing RPKI invalid prefixes (pre/post reject) Remaining work is rejecting invalids on customer BGP sessions (handful) and writing meaningful alerts for our monitoring-stack (prometheus/alertmanager) Regards, Tim Reinders XS4ALL timr on #nlnog
Hi Tim, This is really good news! Congratulations :-) Will XS4all make some marketing noise about this? Twitter, press release? Something like MSK did yesterday: https://www.msk-ix.ru/en/press-center/news/?id=20190520 <https://www.msk-ix.ru/en/press-center/news/?id=20190520> Cheers, Nathalie
Op 21 mei 2019, om 13:08 heeft Tim Reinders <timr@xs4all.net> het volgende geschreven:
Hello all,
AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
We run two geographically spread instances of Routinator. Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”
As of yet no real (customer) impact, this is reflected in the volume of traffic in netflow data containing RPKI invalid prefixes (pre/post reject)
Remaining work is rejecting invalids on customer BGP sessions (handful) and writing meaningful alerts for our monitoring-stack (prometheus/alertmanager)
Regards, Tim Reinders XS4ALL timr on #nlnog _______________________________________________ NLNOG mailing list NLNOG@nlnog.net http://mailman.nlnog.net/listinfo/nlnog
Hi Nathalie, I hope so ;-) Regards, Tim
On 21 May 2019, at 15:41, Nathalie Trenaman <nathalie@ripe.net> wrote:
Hi Tim,
This is really good news! Congratulations :-) Will XS4all make some marketing noise about this? Twitter, press release? Something like MSK did yesterday: https://www.msk-ix.ru/en/press-center/news/?id=20190520
Cheers, Nathalie
Op 21 mei 2019, om 13:08 heeft Tim Reinders <timr@xs4all.net> het volgende geschreven:
Hello all,
AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
We run two geographically spread instances of Routinator. Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”
As of yet no real (customer) impact, this is reflected in the volume of traffic in netflow data containing RPKI invalid prefixes (pre/post reject)
Remaining work is rejecting invalids on customer BGP sessions (handful) and writing meaningful alerts for our monitoring-stack (prometheus/alertmanager)
Regards, Tim Reinders XS4ALL timr on #nlnog _______________________________________________ NLNOG mailing list NLNOG@nlnog.net http://mailman.nlnog.net/listinfo/nlnog
Hi Tim, Well done for the good work and nice to see you using routinator for this job. I have two questions though: - Shall I assume that you use the RTR protocol between your MX routers and routinator? - (Speaking as an XS4ALL customer) will you notify your customers for the invalid/dropped prefixes when you apply the policy to customer connections? Best regards, Stavros Konstantaras | NOC Engineer | AMS-IX M +31 (0) 620 89 51 04 | T +31 20 305 8999 ams-ix.net <http://ams-ix.net/>
On 21 May 2019, at 13:08, Tim Reinders <timr@xs4all.net> wrote:
Hello all,
AS3265 is now dropping all RPKI invalid prefixes received from (transit) peers.
We run two geographically spread instances of Routinator. Our peering-edge consists of two MX960 routers running "JUNOS 17.4R2-S3.2”
As of yet no real (customer) impact, this is reflected in the volume of traffic in netflow data containing RPKI invalid prefixes (pre/post reject)
Remaining work is rejecting invalids on customer BGP sessions (handful) and writing meaningful alerts for our monitoring-stack (prometheus/alertmanager)
Regards, Tim Reinders XS4ALL timr on #nlnog _______________________________________________ NLNOG mailing list NLNOG@nlnog.net http://mailman.nlnog.net/listinfo/nlnog
participants (3)
-
Nathalie Trenaman -
Stavros -
Tim Reinders