Starting to Drop Invalids for Customers
[ found in old emacs buffer. might have already been sent ]
>> Invalid according to RPKI or IRR? Or both?
>
> In this context the use of the word “invalid” refers to the result of
> validation procedure described in RFC 6811 - which is to match received BGP
> updates to the RPKI and attach either of “valid”, “invalid”, or “not-found”.
>
> In IRR, the challenge has always been that “route:” objects describe a
> state of the network that may exist, but the semantics of “route:” objects
> don’t allow extrapolation towards what should definitely *not* exist in the
> BGP Default-Free Zone.
>
> RPKI ROAs (compared to IRR objects) carry different meaning: the existence
> of a ROA (both by definition and common implementation) supersedes other
> data sources (IRR, LOAs, or comments in whois records, etc), and as such
> can be used on any type of EBGP session for validation of the received
> Internet routing information.

do not disagree with your pedantry. but ...

as i am pretty sure arturo knows all that. i suspect he was wondering
if mark is gonna throw irr data in the mix the way chris says google
will (or does?). and if so, how? seems a useful question.

irr acls scale poorly in routers. but mark said customer-facing, which
could be reasonable depending on the platform. e.g. ntt uses irr-based
acls toward customers.

but i am cheered if mark is dropping rpki-based origin validation
invalids. it's a big step.

randy
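
The RFC 6811 classification referred to in the quoted text, as an added example that is not part of the original message or any poster's code: it tags a received prefix and origin AS as valid, invalid or not-found against a set of VRPs, and applies a drop-invalids policy. The `VRP` type, the function names and the sample data (documentation prefixes and ASNs) are assumptions made for illustration.

```python
import ipaddress
from typing import Iterable, NamedTuple, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class VRP(NamedTuple):
    """Validated ROA Payload: (prefix, maxLength, origin ASN)."""
    prefix: Network
    max_length: int
    asn: int

# Constructed sample VRPs (documentation prefixes and ASNs, not real ROAs).
SAMPLE_VRPS = [
    VRP(ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
    VRP(ipaddress.ip_network("2001:db8::/32"), 48, 64501),
    VRP(ipaddress.ip_network("203.0.113.0/24"), 24, 0),  # AS0: never matches
]

def validate(prefix: str, origin_asn: Optional[int], vrps: Iterable[VRP]) -> str:
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811.

    origin_asn is None when the origin cannot be determined (AS_SET).
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for v in vrps:
        # Covered: same address family and the route lies inside the VRP prefix.
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # Matched: covered, not longer than maxLength, same non-zero origin AS.
        if (origin_asn is not None and v.asn != 0
                and v.asn == origin_asn and route.prefixlen <= v.max_length):
            return "valid"
    # Covered by at least one VRP but matched by none means invalid.
    return "invalid" if covered else "not-found"

def accept(prefix: str, origin_asn: Optional[int], vrps: Iterable[VRP]) -> bool:
    """Drop-invalids policy: reject only 'invalid'; 'not-found' still passes."""
    return validate(prefix, origin_asn, vrps) != "invalid"
```

Note that a more-specific announcement from the correct origin AS is still invalid when it exceeds the VRP's maxLength, and that prefixes with no covering VRP are not-found and are not dropped by this policy.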