There's also ranges like 44net where RPKI is infeasible, but that is indeed a hobbyist setup in the extreme. Ampr.org
They do provide ROA though, so they're not entirely head in the sand, but it's only via RADB, not via RIR. Current word on the street, however, is that this was not a tata hijack, but a leak after the fact when cloudflare went offline. Likely some ancient test configurations or other similar example material/default setups from 20 years ago..... Even so, just ROA enforcement would protect against this. -----Original Message----- From: Francis Booth via NANOG <[email protected]> Sent: Tuesday, July 15, 2025 3:49 PM To: North American Network Operators Group <[email protected]> Cc: Francis Booth <[email protected]> Subject: Re: 1.1.1.1 If reporting is accurate from RIPE, Tata has 4,976 IP route entries and of that only 2,554 of those entries have valid RPKI. [1] Most likely in order to continue serving those who are unwilling or unable to deploy RPKI they work with their upstreams to exempt their announcements from being filtered due to invalid or missing RPKI. Unfortunately as long as companies continue to make exceptions as to who is exempt from RPKI route filtering the risk of someone announcing a bad route will persist with us. It would be awesome if every single IP resource was covered under RPKI but according to Cloudflare Radar, worldwide we’re only halfway there at 56.8% valid and 42.1% unknown/missing. [2] Fortunately we will never have another AS7007-like incident [3] but as yesterday proved can still be quite impactful! [1] https://stat.ripe.net/resource/AS4755#tab=routing [2] https://radar.cloudflare.com/routing [3] https://en.wikipedia.org/wiki/AS_7007_incident > On Jul 15, 2025, at 15:18, Marco Moock via NANOG <[email protected]> > wrote: > > Am 15.07.2025 um 12:12:28 Uhr schrieb Randy Bush via NANOG: > >> 1.1.1.1 was mis-announced by tata. see > > Didn't RPKI and IR avoid any damage? > If not, are there still relevant AS border routers that just accept > anything? > > -- > Gruß > Marco > > Send unsolicited bulk mail to [email protected] > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/XU > NM4WIHDMECHNOOKIJX5VL66WE5TQGB/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/XMYD6ZQHK5JO4USQGZ756KM7MP72TIFS/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/SXOGG2NJLAUNVZSX2WFUCVAHWWSAJXXU/
