On Thu, 19 Oct 2023 at 11:56, Owen DeLong <o...@delong.com> wrote: > > On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG <nanog@nanog.org> > wrote: > >> A question for network operators out there that implement ROV… >> >> Is anyone rejecting RPKI unknown routes at this time? >> >> I know that it’s popular to reject RPKI invalid (a ROA exists, but >> doesn’t match the route), but I’m wondering if anyone is currently or has >> any plans to start rejecting routes which don’t have a matching ROA at all? > > > > This would be a bad idea and cause needless fragility in the network > without any upsides. > > > I’m not intending to advocate it, I’m asking if anyone is currently doing > it. >
I’m not aware of anyone doing this, and have not heard operators express interest in doing this (probably because it seems such an unpleasant concept). Somewhat related: I do know of operators that require a ROA (if it’s non-legacy space) during their customer onboarding process, for example, in BOYIP for DIA cases. But those operators do not expect the ROA to continually exist after the provisioning has been completed successfully. Making the continued availability of a route dependent on the continued validity of a ROA is where friction starts to form. Kind regards, Job >
