[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Analysing traffic in context of rejecting RPKI invalids using pmacct
- Subject: Analysing traffic in context of rejecting RPKI invalids using pmacct
- From: smeuse at mara.org (Steve Meuse)
- Date: Wed, 13 Mar 2019 11:17:22 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]> <CA+3sbiMukcQXwhK3VLwKhDGgfiQLriwd79jQMoZXbf0=K=MANg@mail.gmail.com> <[email protected]>
On Tue, Mar 12, 2019 at 9:26 AM Jay Borkenhagen <jayb at att.com> wrote:
>
>
> Thanks for the update, but based on that description I'm not certain
> that you implemented the same thing that pmacct built, which IMO is
> what is needed by those considering deploying a drop-invalids policy.
> (Perhaps you omitted mentioning that ability in your description but
> included it in your implementation.)
>
>
Thanks Jay, you are correct. As we were talking through the logic we
realized we missed that bit. Internally, we're working though the logic to
understand if there is a covering route, is that route valid, and if not,
will we recurse and look for another covering route that is valid?
Either way, we'll be updating our software with that functionality shortly.
-Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190313/f7d97820/attachment.html>