Level 3's IRR Database

[andree+nanog at toonk.nl (Andree Toonk)]

Hi Randy,

.-- My secret spy satellite informs me that at 11-01-30 11:18 PM  Randy 
Bush wrote:

> so i am not sure what your point is.  please clarify with a concrete
> example.

Adjusting a route's degree of preference in the selection algorithm 
based on its validation state only works if it's exactly the same prefix.

Jack already sort of explained what I meant, but here's an example

Assume that youtube's prefix had a roa like this
Origin ASN:     AS36561
Prefixes:       208.65.152.0/22

Now AS17557 start to announce a more specific: 208.65.153.0/24. 
Validators would classify this as Invalid (2).
If we would only use local-prefs, routers would still choose to send it 
to AS17557 (Pakistan Telecom) as it's a more specific.

So in cases where the invalid announcement is a more specific, the only 
way to prevent 'hijacks' is to actually drop these 'invalid' 
announcement from day one.

I understand this is by design, but I can imagine some operators will be 
reluctant to actually drop routes when they start testing RPKI 
deployments in their networks.

Cheers,
  Andree