On 14/05/2022 00:16, Jakob Heitz (jheitz) via NANOG wrote:
'RPKI-dropped-only' causes the dropped routes to be stored. This will prevent the unnecessary route-refreshes described above. It does not prevent all route-refreshes, but uses significantly less memory than 'RPKI-tested-only' Regards, Jakob.
In the end, the reason for all this RPKI-thingy is to prevent route spoofing by malicious actors. It sure would be nice if someone from the top 20: https://asrank.caida.org/ would be able to have an auto-updated site that showed all RPKI dropped from their end.
This would complement https://bgpstream.crosswork.cisco.com/ for those of us who want to know who is trying to hijack our routes at the core.
Regards, Hank
