-
Notifications
You must be signed in to change notification settings - Fork 44
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPKI Filter #9
Comments
Maybe some cooperation with Krill (https://github.com/NLnetLabs/krill) to check and validate this prefixes |
@MrHamel it is not entirely clear to me what you mean. Can you provide (real) data in a user story to illustrate what should or should not happen? |
A carrier can easily enforce RPKI as a requirement for a prefix to show up in the DFZ, at the time of turnup. This idea would be opt-in with a command line argument, not default. |
Can you show with mock-up data / cli output what you mean exactly? |
Basically NTT IRR data with RPKI source data, but having the program do it's own validation when it's not using NTT data, or if someone is wearing a tinfoil hat. |
Create an command line argument to require RPKI validation when generating the prefix list, to confirm the route(6) object's ASN can announce the prefix.
This may require the prefix to bypass the passed in arguments of "upto" and "le/ge" to maintain validity.
The text was updated successfully, but these errors were encountered: