[arin-ppml] implementing RPKI prefix validation actually increases risk
Hank Nussbacher
hank at efes.iucc.ac.il
Tue Jun 6 10:03:22 EDT 2023
On 06/06/2023 5:29, Michel Py via ARIN-PPML wrote:
>
> The problem here is that RPKI validation is at the very top of the BGP
> bestpath decision process, before weight and local-preference, without
> any way to change that.
>
> Therefore, the “Valid” status of the RPKI route affectively renders
> the RTBH feeds useless. No matter what manipulations of other
> parameters may be configured in route-maps, the RPKI status will
> override everything else.
>
> Unsurprisingly, Cisco says that doing something about it is impossible.
>
How does Juniper handle this?
Regards,
Hank
More information about the ARIN-PPML
mailing list