bemasc / risav

Github copy of draft-xu-risav

Multiple Origin AS (MOAS) #46

Closed BasilGuo closed 1 year ago

BasilGuo commented 1 year ago

TLDR: MOAS may not be a problem for RISAV. We don't need to discuss it in RISAV. We need to enrich the introduction of RPKI in RISAV.

MOAS is the question of prefix hijacking of BGP. I have learned that MOAS occurs because BGP cannot validate the authenticity and integrity of routing information. So route information is vulnerable to prefix hijacking, though MOAS is legal in some cases, including a static or IGP route in Fig. 1 and using a private ASN in Fig. 2.

As defined in Sec. 7 of RFC 1930, one prefix should belong to one AS, and there would be no MOAS problem if the recommendation is followed.

RISAV uses RPKI, which binds the ASN and IP prefixes with ROA, as defined in RFC 6482. RISAV SHOULD NOT change the route or modify BGP. The relationship between RPKI and RISAV, I think, is that RPKI is the prerequisite of RISAV, i.e., the trust anchor of RISAV is RPKI. Maybe the deployment of RISAV would foster the deployment of RPKI in the future.

So we don't need to discuss MOAS in RISAV. In my view, we just need to enrich the introduction of the usage of RPKI in RISAV. The basic point is that the status of the ROA in use should be VALID, not INVALID or UNKNOWN.
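An added example, not part of the original comment or of the RISAV draft: a sketch of route origin validation in the style of RFC 6811, showing that a prefix with two ROAs (an authorized MOAS) validates for both origins while any other origin is INVALID. The ROA set, prefixes, ASNs and function name are constructed for illustration, and RFC 6811's "NotFound" state corresponds to what the comment calls UNKNOWN.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: str      # prefix authorized by the ROA
    max_length: int  # longest announcement the ROA permits
    asn: int         # origin AS authorized for the prefix


# Constructed sample ROAs (documentation prefixes and ASNs only).
SAMPLE_ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("192.0.2.0/24", 24, 64497),   # second authorized origin: legitimate MOAS
    ROA("2001:db8::/32", 48, 64500),
]


def validate_origin(route_prefix, origin_asn, roas=SAMPLE_ROAS):
    """Return VALID, INVALID or NOTFOUND for a (prefix, origin AS) pair."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA "covers" the route if the route lies inside the ROA prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin AS (AS 0 never matches) and a
        # route prefix no longer than the ROA's maxLength.
        if (roa.asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "VALID"
    # Covered but unmatched means INVALID; no covering ROA means NOTFOUND.
    return "INVALID" if covered else "NOTFOUND"


if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64497),
                        ("192.0.2.0/24", 64511), ("192.0.2.0/25", 64496),
                        ("203.0.113.0/24", 64496)]:
        print(f"{prefix:<18} AS{asn}: {validate_origin(prefix, asn)}")
```
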