Hi,
At the moment we have some good visibility on the progress of these (and other networks) in their efforts to support drop invalids and the results are informative. e.g.:
https://stats.labs.apnic.net/rpki/AS1221
https://stats.labs.apnic.net/rpki/AS4826
and
https://stats.labs.apnic.net/rpki/AS7575
I think that this is useful data in terms of feedback to these networks as to how effective their RPKI deployment is.
If AS4608 turns on drop invalids, as you appear to be suggesting here, I for one would lose some aspects of visibility, and while we are all trying to deploy this and make it stable it seems to me to be a real shame if we were blinded from this deployment data at this stage.
The question for me is what is the _real_ objective of APNIC dropping invalids and are there other ways to achieve this that do not impair the visibility of measurement tools that we run from within AS4608?
regards,
Geoff
On 6 May 2021, at 12:22 pm, Aftab Siddiqui via SIG Routing Security sig-routingsecurity@apnic.net wrote:
Just in case you missed this blog post from Vivek: "Cleaning up your RPKI invalid routes"
https://blog.apnic.net/2021/04/28/cleaning-up-your-rpki-invalid-routes/
APNIC is obviously based in Australia and thankfully so many major operators and IXs already drop invalids. AS4608 is connected to the following upstreams, from what I can see from the announcements.
AS4826 VOCUS-BACKBONE-AS Vocus Connect International Backbone, AU
AS7575 AARNET-AS-AP Australian Academic and Research Network (AARNet), AU
AS1221 ASN-TELSTRA Telstra Corporation Ltd, AU
along with several IXs in AU and SG (IX-AU, EQ-IX, Edge-IX and Mega-IX) and these IXs already drop RPKI invalids (EQX-IX maybe). Vocus and Telstra also drop invalids. The question is, should APNIC just rely on upstreams dropping the invalids or do it themselves?
Regards,
Aftab A. Siddiqui