I think we just don't know (yet) how people are going to apply RPKI. If I were operating a large network today, I would try to run RPKI in a sort of warning-only mode, i.e. getting some sort of alert if an invalid route was detected.
While this wouldn't have prevented YouTube's incident, it would probably have shortened the recovery period. I think it is too early in the deployment process to start dropping routes based on RPKI alone. We'll get there at some point, I guess.

cheers

Carlos

On 1/30/11 6:47 PM, Nick Hilliard wrote:
> On 30/01/2011 17:39, Carlos Martinez-Cagnazzo wrote:
>> The solution to this problem (theoretical at least) already exists in
>> the form of RPKI.
>
> So, what are people's routing policies on RPKI going to be? Are
> people going to drop prefixes with no RPKI record? Or drop prefixes
> with an incorrect RPKI record? Or drop prefixes with a revoked status?
>
> I'm concerned that if we're trying to avoid another Youtube affair,
> the RPKI policy acceptability criteria will have to be so strict that
> this may have a serious effect on overall reachability via the internet.
>
> Nick
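A sketch of the warning-only mode discussed in this thread, added here as an illustration and not code from either poster: it classifies each announcement with the RFC 6811 origin-validation states (valid, invalid, not-found), accepts every route, and raises an alert only for invalid ones. The prefixes, AS numbers and the `VRPS` table are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed validated ROA payloads: (prefix, max_length, origin_asn).
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64500),
]

def validate(prefix, origin_asn, vrps=VRPS):
    """Return the RFC 6811 state of a route: valid, invalid or not-found."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        roa = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Match needs the same origin AS (AS 0 never matches) and a
        # route no more specific than the VRP's max_length.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched is invalid; no covering VRP is not-found.
    return "invalid" if covered else "not-found"

def warning_only(announcements, vrps=VRPS):
    """Accept every route; collect an alert for each invalid one."""
    accepted, alerts = [], []
    for prefix, asn in announcements:
        state = validate(prefix, asn, vrps)
        accepted.append((prefix, asn))  # nothing is dropped in this mode
        if state == "invalid":
            alerts.append(f"RPKI invalid: {prefix} originated by AS{asn}")
    return accepted, alerts

# Constructed announcements: a legitimate route, a more-specific from
# another AS, an over-specific route from the right AS, an unsigned prefix.
SAMPLE = [
    ("192.0.2.0/24", 64500),
    ("192.0.2.0/25", 64511),
    ("192.0.2.128/25", 64500),
    ("203.0.113.0/24", 64501),
]

if __name__ == "__main__":
    accepted, alerts = warning_only(SAMPLE)
    print(f"{len(accepted)} routes accepted")
    for line in alerts:
        print(line)
```

The three return states correspond to the policy choices raised in the quoted question: a prefix with no RPKI record is not-found, while one with a conflicting record is invalid.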