Robert Raszuk wrote: > > Hi, > > If I am not mistaken there was a Randy's comment today at the mic > indicating that an AS may consider a path origin validation as INVALID > as compared to the peering AS just because the "RPKI may not be > synchronized" > > Is this at all possible ? Doesn't RPKI already have been enhanced > sufficiently to avoid mis-detections even in the AS migration cases ?
you may find the first para of section 6 of draft-ietf-sidr-origin-ops useful. to save you actually reading the draft Like the DNS, the global RPKI presents only a loosely consistent view, depending on timing, updating, fetching, etc. Thus, one cache or router may have different data about a particular prefix than another cache or router. There is no 'fix' for this, it is the nature of distributed data with distributed caches. rany _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
