On 12-07-18 23:25, Job Snijders wrote:
On Thu, Jul 12, 2018 at 09:09:44PM +0000, Weber, Markus wrote:
Hoe/waar zijn jullie met implementaties van RPKI Origin Validation?
AS286 is "prepared", but not yet rejecting anything.
Once the customer cone is clean (or customers had enough time to get their or their customer's or their customer customer's invalids corrected), reject will be enabled (and not disabled again). Round about a dozen of invalids of downstreams remain ...
From my perspective you are almost squacky clean! I see two invalids 88.159.27.0/24 (invalid, but covered by valid route 88.159.0.0/16) and 94.103.31.0/24 (also covered by valid 94.103.16.0/20). I'm sure there are more, but if you drop these two prefixes it shouldn't result in loss of connectivity because there are covering valid routes.
A patently I needed to publish the RPKI cert of 88.159.27.0/24. Thanks for the headsup. <...>snap</snap> Kind regards, Michiel Piscaer AS39309 Edutel BV -- Network / System Engineer Security Officer E-mail: m.piscaer@edutel.nl Telefoon: +31 88 787 0209 Fax: +31 88 787 0502 Mobiel: +31 6 16048782 Threema: PBPCM9X3 PGP: 0x592097DB W3: www.edutel.nl