[ found in old emacs buffer. might have already been sent ] >> Invalid according to RPKI or IRR? Or both? > > In this context the use of the word “invalid” refers to the result of > validation procedure described in RFC 6811 - which is to match received BGP > updates to the RPKI and attach either of “valid”, “invalid”, or “not-found”. > > In IRR, the challenge has always been that “route:” objects describe a > state of the network that may exist, but the semantics of “route:” objects > don’t allow extrapolation towards what should definitely *not* exist in the > BGP Default-Free Zone. > > RPKI ROAs (compared to IRR objects) carry different meaning: the existence > of a ROA (both by definition and common implementation) supersedes other > data sources (IRR, LOAs, or comments in whois records, etc), and as such > can be used on any type of EBGP session for validation of the received > Internet routing information.
do not disagree with your pedantry. but ... as i am pretty sure arturo knows all that. i suspect he was wondering if mark is gonna throw irr data in the mix the way chris says google will (or does?). and if so, how? seems a useful question. irr acls scale poorly in routers. but mark said customer-facing, which could be reasonable depending on the platform. e.g. ntt uses irr-based acls toward customers. but i am cheered if mark is dropping rpki-based origin validation invalids. it's a big step. randy