This is the tool we're using at IX Denver: https://arouteserver.readthedocs.io/en/latest/index.html RPKI is currently turned off at IX Denver. Doug,If you're interested then I'll unicast you the output of the script. It's a bit large for the list. On Wed, Dec 13, 2017 at 2:46 PM, Doug McIntyre <merlyn@iphouse.net> wrote:
On Fri, Dec 08, 2017 at 11:06:50PM -0600, Richard Laager wrote:
Zero length is a subset of “doesn’t start with their AS”, so if we filter on that condition, hopefully we will catch that too.
BIRD is probably the best tool for the job for doing the import BGP filtering for conditions based on either AS Path = 0 or start with their AS. It sounds like people want the BGP import function to change to include something like
function route_import(int asn) { .... if bgp_path.first != asn then return false; if bgp_path.len > 25 then return false; if bgp_next_hop != from then return false; return true; }
Are there other conditions that should be filtered on? (this is taken mostly from Ondřej Surý's examples).
As for doing RPKI, it looks like BIRD v2.0 supports that in some fashion, but that would have to be tested out in a lab. How many members would have an ROA already?
-- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
-- Jay Hanke CTO Neutral Path Communications 3 Civic Center Plaza, Suite 204 Mankato, MN 56001 (507) 327-2398 mobile jayhanke@neutralpath.net www.neutralpath.net