On 1/31/2011 8:35 AM, Randy Bush wrote:
when there is no roa for the arriving prefix, a roa for the covering
prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt.
Ahh, very good. I think that was the only concern. Presumably that
would invalidate the route and it would be discarded vs deprefed.
well, i am not sure you want to discard it. this is where the op has to
make a decision. in a world of partial deployment and ops and customers
still learning how to deal with this stuff, should it be discarded?
I agree and definitely understand the turnup viewpoint. However, RPKI is
useless if we don't discard invalid routes which are more specific than
valid covering routes. local pref doesn't override prefix length
decisions. Hijacks will continue to occur unless we issue discards... at
some point.
Jack
