[lacnog] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
Carlos M. Martinez
carlosm3011 en gmail.com
Jue Mar 26 10:54:11 GMT+3 2020
Congratulations Job !
On 25 Mar 2020, at 22:07, Job Snijders wrote:
> Dear LACNOG,
> Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI
> based BGP Origin Validation on virtually all EBGP sessions, both
> customer and peering edge. This change positively impacts the Internet
> routing system.
> The use of RPKI technology is a critical component in our efforts to
> improve Internet routing stability and reduce the negative impact of
> misconfigurations or malicious attacks. RPKI Invalid route announcements
> are now rejected in NTT EBGP ingress policies. A nice side effect:
> peerlock AS_PATH filters are incredibly effective when combined with
> RPKI OV.
> For NTT, this is the result of a multiyear project, which included
> outreach, education, collaboration with industry partners, and
> production of open source software shared among colleagues in the
> Shout out to Louis & team (Cloudflare) for the open source GoRTR
> software and the OpenBSD project for rpki-client(8).
> I hope some take this news as encouragement to consider RPKI OV
> "invalid == reject"-policies as safe to deploy in their own BGP
> environments too. :-)
> If you have questions, feel free to reach out to me directly.
> Kind regards,
> LACNOG mailing list
> LACNOG en lacnic.net
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
Más información sobre la lista de distribución LACNOG