On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk <andree+na...@toonk.nl> wrote: > Hi Randy, > > .-- My secret spy satellite informs me that at 11-01-30 11:18 PM Randy Bush > wrote: > >> so i am not sure what your point is. please clarify with a concrete >> example. > > Adjusting a route's degree of preference in the selection algorithm based on > its validation state only works if it's exactly the same prefix. > > Jack already sort of explained what I meant, but here's an example > > Assume that youtube's prefix had a roa like this > Origin ASN: AS36561 > Prefixes: 208.65.152.0/22 > > Now AS17557 start to announce a more specific: 208.65.153.0/24. Validators > would classify this as Invalid (2). > If we would only use local-prefs, routers would still choose to send it to > AS17557 (Pakistan Telecom) as it's a more specific. > > So in cases where the invalid announcement is a more specific, the only way > to prevent 'hijacks' is to actually drop these 'invalid' announcement from > day one. > > I understand this is by design, but I can imagine some operators will be > reluctant to actually drop routes when they start testing RPKI deployments > in their networks.
yes, but what is the way forward?