That would be a nice start :-)
On Thu, Dec 8, 2022 at 6:45 AM Heasley wrote:
>
>
> Am 12/7/22 um 22:25 schrieb Don Beal :
>
>
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….
>
On Thu, Dec 8, 2022 at 1:45 AM Heasley wrote:
>
>
>
> Am 12/7/22 um 22:25 schrieb Don Beal :
>
>
> How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
>
>
> If all ASes participated, no „unknowns“, unknowns could be dropped, ….
>
yea that might be a tad dangerous today :(
Am 12/7/22 um 22:25 schrieb Don Beal :How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,If all ASes participated, no „unknowns“, unknowns could be dropped, …. what would 6762|2914|174|* invalidate against? Until a future where everything is 'valid', RPKI is unable to pare
How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12,
what would 6762|2914|174|* invalidate against? Until a future where
everything is 'valid', RPKI is unable to pare out less-specific conflicts.
It does look like 3356 pulled the announcement, which is good.
On Thu, Dec 8,
These as well:
3257 3356
3491 3356
They probably leaked a hold down route.
Ryan Hamel
-Original Message-
From: Christopher Morrow
Sent: Wednesday, December 7, 2022 8:48 PM
To: r...@rkhtech.org
Cc: nanog@nanog.org
Subject: Re: AS3356 Announcing 2000::/12
On Wed, Dec 7, 2022 at 11:25
On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel wrote:
>
> AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
> covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
>
>
interesting that this is leaking outside supposed RPKI OV boundaries as well.
For example:
6762 3356
AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate
covering over 23K prefixes (just over 25%) of the IPv6 DFZ.
Prayers for anyone impacted, the team announcing it, and the team resolving
the issue.
Ryan Hamel
Good Day Gents,
Really interesting topic.
Playing around few NOSes for white boxes during the last few years or so
and run into A LOT of bugs, and sometimes support is awful, being unable to
fix or provide solutions for pretty simple things like BGP doesn't support
LLGR and it causes BGP to work
8 matches
Mail list logo