nanog mailing list archives
Re: rpki roa irr - i now believe
From: "Eric C. Miller via NANOG" <nanog () lists nanog org>
Date: Fri, 16 May 2025 00:41:30 +0000
RPKI isn't the whole picture. It's about validating ORIGIN-AS. The rest of IRR is still relevant when it comes to protecting the AS-PATH. Hijacked prefixes of the same size won't travel as far nowadays because of widespread adoption amongst the larger providers. Eric ________________________________ From: Laszlo H via NANOG <nanog () lists nanog org> Sent: Thursday, May 15, 2025 4:59 PM To: Aaron Gould via NANOG <nanog () lists nanog org> Cc: Laszlo H <laszlo () heliacal net> Subject: Re: rpki roa irr - i now believe If the goal of someone were to hijack your routing, they could (should) announce it using your ASN and thus it would still be RPKI valid? On 2025-05-15 16:26, Aaron Gould via NANOG wrote:
ok ok, now I understand and am a believer! some of our address space was hijacked. i did the arin.net roa entries, and BAM-O... moments later, all my routes are validated and the erroneous hijacked routes are gone! love it wanted to share and emphasize to others, if you don't have your prefixes protected at your RIR (ARIN), do it. it only takes a few minutes. https://www.arin.net/resources/manage/rpki/roa_request/ https://youtu.be/cVftieOVn1M
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/KK57NLCHQE2O5KSEIKMWKC5KT2S4EX6Y/ _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/IOYCHS272LWCHG6B5W2U3PVE7IN6YHW7/
Current thread:
- rpki roa irr - i now believe Aaron Gould via NANOG (May 15)
- Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
- Re: rpki roa irr - i now believe Aaron1 via NANOG (May 15)
- Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
- Re: rpki roa irr - i now believe Elmar K. Bins via NANOG (May 15)
- Re: rpki roa irr - i now believe Aaron1 via NANOG (May 15)
- Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
- Re: rpki roa irr - i now believe Laszlo H via NANOG (May 15)
- Re: rpki roa irr - i now believe Eric C. Miller via NANOG (May 15)
- Re: rpki roa irr - i now believe Job Snijders via NANOG (May 15)
- Re: rpki roa irr - i now believe Randy Bush via NANOG (May 17)
- Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)
- Re: rpki roa irr - i now believe Randy Bush via NANOG (May 17)
- Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)
- Re: rpki roa irr - i now believe Tim Burke via NANOG (May 17)
- Re: rpki roa irr - i now believe Aaron1 via NANOG (May 17)