pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0

When a route is validated by RPKI is there anything that will prevent it from being hijacked? #36

Closed s1sfa closed 6 years ago

s1sfa commented 6 years ago

Let's say ASN1 advertises prefix 2.0.0.0/24 and they pass RPKI check. If there is an old or malicious IRRDB entry for 2.0.0.0/24 to ASN2 which also gets advertised to the route server (passing irrdb check but not rpki), is there anything to make sure that the RPKI validated prefix will have higher preference?

When I look at the bird config I don't see a protection for that situation.

Is it worth it to set a higher than default local preference which will protect an RPKI verified prefix vs a potential hijack attempt on the route server bgp table?

s1sfa commented 6 years ago

I guess the policies are sufficient to mark the bad route as invalid. filtering.rpki_bgp_origin_validation

I guess my issue isn't really a useful idea anymore.
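
The scenario from this thread, worked through RFC 6811 origin validation. This is an added example, not arouteserver's code and not part of the original comments. The ROA table, the announcements and the `route_server_accepts` policy function are constructed for illustration, and the example assumes a route server that can be set to reject RPKI-invalid routes.

```python
from ipaddress import ip_network

# Constructed ROA table: (prefix, maxLength, origin ASN).
# Mirrors the thread: ASN1 holds a ROA for 2.0.0.0/24.
ROAS = [(ip_network("2.0.0.0/24"), 24, 1)]


def rpki_state(prefix, origin_asn, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        # A ROA covers a route that is equal to, or more specific than,
        # the ROA prefix (same address family).
        if route.version != roa_prefix.version or not route.subnet_of(roa_prefix):
            continue
        covered = True
        # A match needs the same origin AS and a length within maxLength.
        # AS 0 in a ROA never matches any route.
        if roa_asn != 0 and roa_asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"


def route_server_accepts(prefix, origin_asn, irr_pass, reject_invalid=True):
    """Hypothetical import policy: IRR check, then optional RPKI-invalid drop."""
    if not irr_pass:
        return False
    if reject_invalid and rpki_state(prefix, origin_asn) == "invalid":
        return False
    return True


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin ASN, passes IRR check).
    announcements = [
        ("2.0.0.0/24", 1, True),        # legitimate origin
        ("2.0.0.0/24", 2, True),        # stale or malicious IRR entry for ASN2
        ("2.0.0.0/25", 1, True),        # more specific than maxLength allows
        ("192.0.2.0/24", 64500, True),  # no covering ROA
    ]
    for prefix, asn, irr in announcements:
        print(prefix, f"AS{asn}", rpki_state(prefix, asn),
              "accepted" if route_server_accepts(prefix, asn, irr) else "rejected")
```

With the invalid route dropped at import, only ASN1's announcement for 2.0.0.0/24 reaches the route server table, so no local-preference tie-break between the two origins is needed. With `reject_invalid=False` the ASN2 route passes on its IRR entry alone, which is the case the question describes.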