nanog mailing list archives

Re: rpki roa irr - i now believe


From: Aaron1 via NANOG <nanog () lists nanog org>
Date: Sat, 17 May 2025 23:28:05 -0500

Thanks y’all.  It’s interesting that routing works without RPKI.  And if I put in my RIR-based ROAs, it will 
invalidate any rogue advertisements…and now validate mine.  Someone previously mentioned that if a bad actor tries to 
advertise a prefix with my AS as the origin (first “last” AS in the path list) that it could maybe circumvent RPKI…?  I 
wouldn’t think it would be that easy.  Or should I say I really hope it wouldn’t be that easy.  


Aaron

On May 17, 2025, at 10:57 PM, Job Snijders <job () sobornost net> wrote:

On Thu, May 15, 2025 at 11:26:11AM -0500, Aaron Gould via NANOG wrote:
ok ok, now I understand and am a believer!

some of our address space was hijacked.  i did the arin.net roa entries, and
BAM-O... moments later, all my routes are validated and the erroneous
hijacked routes are gone!

love it

had a similar experience at my previous employer:
https://www.fastly.com/blog/war-story-rpki-is-working-as-intended

What used to be a large outage now ends up being no big deal

Kind regards,

Job

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/BZ5PYYQBJW7KB2BC3RJIP57RHQQZCHHV/
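
What route origin validation checks, as an added example that is not part of the thread: a minimal RFC 6811 validator run over constructed ROAs and announcements (documentation prefixes and ASNs; the function and variable names are this example's own). It shows that the outcome depends only on the prefix, its length and the origin AS, which is why a tight maxLength in the ROA matters.

```python
import ipaddress

# Constructed sample ROA (documentation prefix and ASN), not real data:
# (prefix, maxLength, authorized origin AS)
ROAS = [("192.0.2.0/24", 24, 64496)]

def origin_of(as_path):
    """The origin AS is the last (rightmost) AS in the AS path."""
    return as_path[-1]

def validate(prefix, as_path, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    origin = origin_of(as_path)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route is equal to or inside its prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A covering ROA matches only if both length and origin AS agree.
        if route.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered but never matched is invalid; no covering ROA is not-found.
    return "invalid" if covered else "not-found"

# Constructed announcements: (label, prefix, AS path as seen by the validator)
SAMPLES = [
    ("holder's own route",        "192.0.2.0/24",   [64500, 64496]),
    ("other origin, same prefix", "192.0.2.0/24",   [64500, 64511]),
    ("more specific than maxLen", "192.0.2.0/25",   [64500, 64496]),
    ("extra AS before origin",    "192.0.2.0/24",   [64500, 64511, 64496]),
    ("prefix with no ROA",        "203.0.113.0/24", [64500, 64511]),
]

def run_samples():
    """Return {label: validation state} for the constructed announcements."""
    return {label: validate(p, path) for label, p, path in SAMPLES}

if __name__ == "__main__":
    for label, state in run_samples().items():
        print(f"{label:28} {state}")
```

The "extra AS before origin" row comes back valid because RFC 6811 never inspects the rest of the path, while the /25 row is invalid even with the authorized origin because it exceeds the ROA's maxLength.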
