On Tuesday, April 08, 2014 01:20:23 PM Jac Kloots wrote: > Yes, we don't validate those prefixes cause we filter > them strict. We know from all our customers which > prefixes they use so we have prefix-filters placed on > all their connections.
Good point. We do both - prefix list + AS_PATH filtering as well as origin validation. At this point, you're likely to lose longer prefixes from customers if they forgot to ROA them, but the rationale is that if a customer has sufficient clue to ROA their aggregate, they can quickly ROA a de-aggregate or fix it in case they forgot. Mark.
signature.asc
Description: This is a digitally signed message part.
