[arin-ppml] implementing RPKI prefix validation actually increases risk

Hank Nussbacher hank at efes.iucc.ac.il
Tue Jun 6 10:03:22 EDT 2023

On 06/06/2023 5:29, Michel Py via ARIN-PPML wrote:
> The problem here is that RPKI validation is at the very top of the BGP 
> bestpath decision process, before weight and local-preference, without 
> any way to change that.
> Therefore, the “Valid” status of the RPKI route affectively renders 
> the RTBH feeds useless. No matter what manipulations of other 
> parameters may be configured in route-maps, the RPKI status will 
> override everything else.
> Unsurprisingly, Cisco says that doing something about it is impossible.
How does Juniper handle this?



More information about the ARIN-PPML mailing list