nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AT&T/as7018 now drops invalid prefixes from peers

From: Jay Borkenhagen <jayb () braeburn org>
Date: Mon, 11 Feb 2019 19:14:26 -0500
valdis.kletnieks () vt edu writes:

On Mon, 11 Feb 2019 09:53:45 -0500, Jay Borkenhagen said:

The AT&T/as7018 network is now dropping all RPKI-invalid route
announcements that we receive from our peers.  


Congrats!


Thanks!


Are you able to comment on what amount of routes are getting dropped?


In round numbers, we dropped about 5000 invalid prefixes total between
ipv4 and ipv6.  Roughly half of those prefixes were covered by
less-specific non-invalid routes, so connectivity should not have been
affected for those prefixes (assuming an announcement yields
reachability to all destinations within it).  Flow analysis was
showing just a couple Gbps of traffic to all invalid routes all across
the country, and much less than that with those invalids having no
covering less-specifics.

                                                Jay B.
Previous By Date Next
Previous By Thread Next

Current thread: