[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nanog
Subject:    Re: "Is BGP safe yet?" test
From:       Andrey Kostin <ankost () podolsk ! ru>
Date:       2020-04-23 16:37:12
Message-ID: 2dd06050ecdf374fec75bb7b07de59d7 () podolsk ! ru
[Download RAW message or body]

Vincent Bernat писал 2020-04-22 15:26:
> ❦ 22 avril 2020 12:51 -04, Andrey Kostin:
> 
>> BTW, has anybody yet thought/looked into extending RPKI-RTR protocol
>> for validation of prefixes received from peer-as to make ingress
>> filtering more dynamic and move away prefix filters from the routers?
> 
> It could be used as is if the client implementations were a bit more
> flexible.
> 
> With BIRD, you decide which AS to match. So you can match on the
> neighbor AS instead of the origin AS. Then, you can use something like
> GoRTR which accepts using JSON files instead of the RPKI as source. 
> BIRD
> also allows you to have several ROA tables. So, you can check against
> the "real" RPKI as well as against your custom IRR-based RPKI.

That's what I meant. So I guess IX operators already can use BIRD on 
route-servers for prefix filtering. I think it could be useful on hw 
routers as well.

Kind regards,
Andrey
[prev in list] [next in list] [prev in thread] [next in thread]