bgp / bgpq4

BGP Filter generator
https://github.com/bgp/bgpq4
BSD 2-Clause "Simplified" License

RPKI Filter #9

Open MrHamel opened 4 years ago

MrHamel commented 4 years ago

Create a command line argument to require RPKI validation when generating the prefix list, to confirm the route(6) object's ASN can announce the prefix.

This may require the prefix to bypass the passed in arguments of "upto" and "le/ge" to maintain validity.

cdavid14 commented 4 years ago

Maybe some cooperation with Krill (https://github.com/NLnetLabs/krill) to check and validate these prefixes.

job commented 4 years ago

@MrHamel it is not entirely clear to me what you mean.

Can you provide (real) data in a user story to illustrate what should or should not happen?

MrHamel commented 4 years ago

A carrier can easily enforce RPKI as a requirement for a prefix to show up in the DFZ, at the time of turnup.

This idea would be opt-in with a command line argument, not default.

job commented 4 years ago

Can you show with mock-up data / cli output what you mean exactly?

MrHamel commented 4 years ago

Basically NTT IRR data with RPKI source data, but having the program do its own validation when it's not using NTT data, or if someone is wearing a tinfoil hat.
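One reading of the request at the top of this thread, as an added example (not bgpq4 code and not written by any participant): RFC 6811 origin validation of IRR route/route6 objects against ROA payloads, keeping only valid routes and clamping the requested upper length bound to the ROA maxLength. The sample data, the function names and the strict dropping of not-found routes are assumptions.

```python
import ipaddress

# Constructed sample data (documentation prefixes, documentation ASNs).
VRPS = [  # validated ROA payloads: (prefix, maxLength, origin ASN)
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64500),
]
ROUTES = [  # (route/route6 prefix, origin) as expanded from an as-set
    ("192.0.2.0/24", 64500),     # matches its ROA
    ("198.51.100.0/24", 64500),  # ROA names a different origin
    ("203.0.113.0/24", 64502),   # no covering ROA
    ("2001:db8::/32", 64500),    # matches, ROA allows up to /48
]

def matching_vrps(prefix, origin, vrps):
    """Return (covered, matching) VRP lists for one route, per RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = []
    for vrp_prefix, maxlen, asn in vrps:
        roa = ipaddress.ip_network(vrp_prefix)
        if roa.version == net.version and net.subnet_of(roa):
            covered.append((roa, maxlen, asn))
    matching = [v for v in covered if v[2] == origin and net.prefixlen <= v[1]]
    return covered, matching

def validate(prefix, origin, vrps):
    """RFC 6811 state: valid, invalid (covered but no match) or not-found."""
    covered, matching = matching_vrps(prefix, origin, vrps)
    if matching:
        return "valid"
    return "invalid" if covered else "not-found"

def build_filter(routes, vrps, upto):
    """Keep RPKI-valid routes only; clamp the requested 'upto' length
    (per address family) so the filter never permits a more-specific
    that the ROA maxLength would make invalid."""
    entries = []
    for prefix, origin in routes:
        _, matching = matching_vrps(prefix, origin, vrps)
        if not matching:  # assumption: strict mode drops invalid and not-found
            continue
        net = ipaddress.ip_network(prefix)
        le = min(upto[net.version], max(m[1] for m in matching))
        entries.append((prefix, max(le, net.prefixlen)))
    return entries
```

With `upto` set to /28 for IPv4 and /64 for IPv6, the two surviving entries come out bounded at /24 and /48, which is the case where the requested "upto" has to give way to the ROA.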