nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How long AS-PATH policies have you used

From: Saku Ytti via NANOG <nanog () lists nanog org>
Date: Thu, 26 Feb 2026 10:40:52 +0200
On Thu, 26 Feb 2026 at 10:34, Job Snijders via NANOG
<nanog () lists nanog org> wrote:


a) Use SLURM to bridge gaps in your customer cone (this is 20-25%
   today and decreasing) using route origins


What is the purpose of this? What do you envision you could put in SLURM
to trick your routers that wouldn't dillute the purpose of the RPKI?


Either you generate
  a) prefix-list from AS-SET
  b) as-path filter from AS-SET
  c) fill RPKI /gaps/ with slurm from AS-SET

In each case, the quality of the check is as good as AS-SET, which is
bad. But in no case are you diluting the quality for prefixes which
have RPKI.
But in case of c) you are not just checking that the prefix comes from
the right port, you are also checking that prefix has the same origin
as route object.

So yes c) is much worse than not having a gap. But b+c) is much better
than a) because a) doesn't care who is announcing it. So you're
getting rid of a) scale,
while adding an ASN check, having overall better posture.


a) match port
b+c) match port + origin ASN





-- 
  ++ytti
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/LODG5XYUFMF7LXQ2YBISSOBFBV4PGCD4/
Previous By Date Next
Previous By Thread Next

Current thread: