On Tuesday, June 30, 2015, Mike Leber <mle...@he.net> wrote: > > > On 6/30/15 3:02 PM, Tore Anderson wrote: > >> * Mike Leber >> >> I was thinking that when I posted yesterday. >>> >>> These were announcements from a peer, not customer routes. >>> >>> We are lowering our max prefix limits on many peers as a result of this. >>> >>> We are also going towards more prefix filtering on peers beyond bogons >>> and martians. >>> >> Hi Mike, >> >> You're not mentioning RPKI here. Any particular reason why not? >> >> If I understand correctly, in today's leak the origin AS was >> changed/reset, so RPKI ought to have saved the day. (At least Grzegorz' >> day, considering that 33 of AS43996's prefixes are covered by ROAs.) >> > > Yes, we will incorporate RPKI into how we build our prefix filters for > peers as we improve our tools. > > Currently this will involve some amount of prefix list compression due to > the limits of current hardware and the need to still have BGP converge. > > As Job Snijders said, "I would forsee issues if i'd try to add an eleven > megabyte prefix-list on all devices in the network.". > > Mike. >
It is NTT that would have mitigated this issue if they deployed and enforcer rpki, right?
