> On 20-Oct-2023, at 00:35, nanog@nanog.org wrote: > > On Thu, 19 Oct 2023 at 11:56, Owen DeLong <o...@delong.com > <mailto:o...@delong.com>> wrote: >>> >>> On Thu, 19 Oct 2023 at 11:46, Owen DeLong via NANOG <nanog@nanog.org >>> <mailto:nanog@nanog.org>> wrote: >>>> A question for network operators out there that implement ROV… >>>> >>>> Is anyone rejecting RPKI unknown routes at this time? >>>> >>>> I know that it’s popular to reject RPKI invalid (a ROA exists, but doesn’t >>>> match the route), but I’m wondering if anyone is currently or has any >>>> plans to start rejecting routes which don’t have a matching ROA at all? >>> >>> >>> This would be a bad idea and cause needless fragility in the network >>> without any upsides. >> >> I’m not intending to advocate it, I’m asking if anyone is currently doing it. > > > I’m not aware of anyone doing this, and have not heard operators express > interest in doing this (probably because it seems such an unpleasant concept). > > Somewhat related: > > I do know of operators that require a ROA (if it’s non-legacy space) during > their customer onboarding process, for example, in BOYIP for DIA cases.
In my region also, ISPs are asking valid ROAs before on-boarding users. > > But those operators do not expect the ROA to continually exist after the > provisioning has been completed successfully. Making the continued > availability of a route dependent on the continued validity of a ROA is where > friction starts to form. > > Kind regards, > > Job