Hi Randy,

.-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush wrote:

so i am not sure what your point is.  please clarify with a concrete
example.

Adjusting a route's degree of preference in the selection algorithm based on its validation state only works if it's exactly the same prefix.

Jack already sort of explained what I meant, but here's an example:

Assume that YouTube's prefix had a ROA like this:
Origin ASN:     AS36561
Prefixes:       208.65.152.0/22

Now AS17557 starts to announce a more specific: 208.65.153.0/24. Validators would classify this as Invalid (2). If we would only use local-prefs, routers would still choose to send it to AS17557 (Pakistan Telecom) as it's a more specific.

So in cases where the invalid announcement is a more specific, the only way to prevent 'hijacks' is to actually drop these 'invalid' announcements from day one.

I understand this is by design, but I can imagine some operators will be reluctant to actually drop routes when they start testing RPKI deployments in their networks.

Cheers,
 Andree
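
Added example, not part of the original message: a small Python model of the scenario above, classifying each announcement with RFC 6811 origin validation and then doing longest-prefix-match forwarding under a depreference policy and under a drop policy. The ROA maxLength of 22, the local-pref values and the destination address are assumptions made for the illustration.

```python
import ipaddress

# ROA from the message above; max_length = 22 is an assumption (no maxLength was given).
ROAS = [{"prefix": ipaddress.ip_network("208.65.152.0/22"), "max_length": 22, "asn": 36561}]
# Constructed announcements matching the scenario in the message.
ANNOUNCEMENTS = [("208.65.152.0/22", 36561), ("208.65.153.0/24", 17557)]
# Hypothetical local-pref values an operator might assign per validation state.
LOCAL_PREF = {"valid": 200, "not-found": 100, "invalid": 50}

def validate(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        if net.version == roa["prefix"].version and net.subnet_of(roa["prefix"]):
            covered = True  # at least one ROA covers this prefix
            if roa["asn"] == origin_asn and net.prefixlen <= roa["max_length"]:
                return "valid"
    return "invalid" if covered else "not-found"

def build_rib(announcements, policy):
    """Best path per prefix. policy is 'local-pref' (depreference) or 'drop'."""
    rib = {}
    for prefix, origin in announcements:
        state = validate(prefix, origin)
        if policy == "drop" and state == "invalid":
            continue  # invalid routes never enter the table
        pref = LOCAL_PREF[state] if policy == "local-pref" else 100
        net = ipaddress.ip_network(prefix)
        if net not in rib or pref > rib[net]["local_pref"]:
            rib[net] = {"origin": origin, "state": state, "local_pref": pref}
    return rib

def forward(rib, dst):
    """Longest-prefix match: local-pref only competes within one prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    return str(best), rib[best]["origin"]

if __name__ == "__main__":
    for policy in ("local-pref", "drop"):
        print(policy, forward(build_rib(ANNOUNCEMENTS, policy), "208.65.153.10"))
```
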
