Akamai has no plans to publish ROAs at this time.
The reality is that in its current state RPKI is a high overhead method for explaining to the world
which origin ASN to prepend in order to more convincingly hijack routes.
Owen
> On Dec 13, 2017, at 12:46 , Doug McIntyre <[log in to unmask]> wrote:
>
> On Fri, Dec 08, 2017 at 11:06:50PM -0600, Richard Laager wrote:
>> Zero length is a subset of “doesn’t start with their AS”, so if we filter on that condition, hopefully we will catch that too.
>
>
> BIRD is probably the best tool for the job for doing the import BGP filtering for
> conditions based on either AS Path = 0 or start with their AS.
> It sounds like people want the BGP import function to change to include something like
>
> function route_import(int asn)
> {
> ....
> if bgp_path.first != asn then return false;
> if bgp_path.len > 25 then return false;
> if bgp_next_hop != from then return false;
> return true;
> }
>
> Are there other conditions that should be filtered on? (this is taken
> mostly from Ondřej Surý's examples).
>
> As for doing RPKI, it looks like BIRD v2.0 supports that in some fashion, but that
> would have to be tested out in a lab. How many members would have an ROA already?
>
>
> --
> Doug McIntyre <[log in to unmask]>
> ~.~ ipHouse ~.~
> Network Engineer/Provisioning/Jack of all Trades
|