Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RPKI Filter #9

Open
MrHamel opened this issue Dec 14, 2019 · 5 comments
Open

RPKI Filter #9

MrHamel opened this issue Dec 14, 2019 · 5 comments

Comments

@MrHamel
Copy link

MrHamel commented Dec 14, 2019

Create an command line argument to require RPKI validation when generating the prefix list, to confirm the route(6) object's ASN can announce the prefix.

This may require the prefix to bypass the passed in arguments of "upto" and "le/ge" to maintain validity.

@cdavid14
Copy link
Contributor

Maybe some cooperation with Krill (https://github.com/NLnetLabs/krill) to check and validate this prefixes

@job
Copy link
Member

job commented Dec 15, 2019

@MrHamel it is not entirely clear to me what you mean.

Can you provide (real) data in a user story to illustrate what should or should not happen?

@MrHamel
Copy link
Author

MrHamel commented Dec 15, 2019

A carrier can easily enforce RPKI as a requirement for a prefix to show up in the DFZ, at the time of turnup.

This idea would be opt-in with a command line argument, not default.

@job
Copy link
Member

job commented Dec 16, 2019

Can you show with mock-up data / cli output what you mean exactly?

@MrHamel
Copy link
Author

MrHamel commented Dec 22, 2019

Basically NTT IRR data with RPKI source data, but having the program do it's own validation when it's not using NTT data, or if someone is wearing a tinfoil hat.

@job job transferred this issue from another repository Jan 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants