Hi Dan,

On Mon, 30 May 2022 at 17:00, Dan Mahoney <danm@prime.gushi.org> wrote:
> For my own point of view, we’re currently accepting all routes, even invalid.
> We’re using a BGP community so that when we sync things back to our central collector (which is just for research, like a looking glass) we can send a report that says “at this site we got NN routes, YY invalid”.
> The community is not used in any way to make any decisions (on the fly decisions, I mean), nor is it passed on to any neighbors that route anything (only the collector).

That’s a decent approach, setting it up like you describe reduces the “BGP churn blast radius” merely to your collector instance.

> But my question about the user-defined attribute was that I’d like to be able to do more drill-down on the node itself. I’m seeing evidence where some of our peers claim to be rejecting RPKI invalid, but seem to be passing them on to us.

Something to consider, in any sufficiently large-sized network, the likeliness of them propagating a (low) number of RPKI-invalid routes is high. More details about how that could happen are here:

https://mailman.nanog.org/pipermail/nanog/2021-April/213346.html

Kind regards,

Job
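
Added example, not part of the original thread and not either participant's code: a collector-side sketch of the "at this site we got NN routes, YY invalid" report, classifying each route with RFC 6811 origin validation. The VRPs, site names, prefixes and ASNs are constructed from documentation ranges, and it assumes the collector has a VRP list available; the community tagging on the routers is not modeled.

```python
import ipaddress
from collections import Counter

# Constructed VRPs: (prefix, maxLength, origin ASN). Documentation ranges only.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

# Constructed routes as a collector might hold them: (site, prefix, origin ASN).
ROUTES = [
    ("site-a", "192.0.2.0/24", 64496),     # matches a VRP
    ("site-a", "198.51.100.0/25", 64497),  # longer than maxLength
    ("site-a", "203.0.113.0/24", 64498),   # no covering VRP
    ("site-b", "192.0.2.0/24", 64499),     # covered, wrong origin
    ("site-b", "2001:db8:1::/48", 64496),  # within maxLength, right origin
]

def validate(prefix, origin, vrps=VRPS):
    """RFC 6811 state for one route: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if it is the same prefix or a less specific.
        if vrp_net.version != net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        # AS 0 in a VRP never matches any route origin.
        if net.prefixlen <= max_len and asn == origin and asn != 0:
            return "valid"
    # Covered by at least one VRP but matched by none means invalid.
    return "invalid" if covered else "not-found"

def site_report(routes=ROUTES):
    """Per-site Counter of validation states."""
    report = {}
    for site, prefix, origin in routes:
        report.setdefault(site, Counter())[validate(prefix, origin)] += 1
    return report

if __name__ == "__main__":
    for site, counts in sorted(site_report().items()):
        total = sum(counts.values())
        print(f"{site}: got {total} routes, {counts['invalid']} invalid")
```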