CloudFlare issues?

[mark.tinka at seacom.mu (Mark Tinka)]

On 4/Jul/19 17:22, Francois Lecavalier wrote:

> Â 
>
> Following that Verizon debacle I got onboard with ROV, after a couple
> research I stopped my choice on the â?¦.drum rollâ?¦. CloudFlare GoRTR
> (https://github.com/cloudflare/gortr).  If you trust them enough they
> provide an updated JSON every 15 minutes of the global RIR aggregate. 
> Iâ??ll see down the road if weâ??ll fetch them ourselves but at least it
> got us up and running in less than an hour.  It was also easy for us
> to deploy as the routers and the servers are on the same PoP directly
> connected, so we donâ??t need the whole encryption recipe they provide
> for mass distribution.
>

Funny you should mention this... I was speaking with Tom today during an
RPKI talk he gave at MyNOG, about whether we'd be willing to trust their
RTR streams.

But, I'm glad you found a quick solution to get you up and running.
Welcome to the club.


> Â 
>
> But I also have a question for all the ROA folks out there. Â So far we
> are not taking any action other than lowering the local-pref â?? we want
> to make sure this is stable before we start denying prefixes.  So the
> question, is it safe as of this date to : 1.Accept valid, 2. Accept
> unknown, 3. Reject invalid?  Have any large network who implemented it
> dealt with unreachable destinations?  Iâ??m wondering as I havenâ??t found
> any blog mentioning anything in this regard and ClouFlare docs only
> shows example for valid and invalid, but nothing for unknown.
>
> Â 
>
> My assumption is that 1.Accept valid, 2. Accept unknown, 3. Reject
> invalid shouldnâ??t break anything.
>

Well, a Valid and NotFound state implicitly mean that the routes can be
used for routing/forwarding. In that case, the only policy we create and
apply is against Invalid routes, which is to DROP them.

Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190704/66755f90/attachment.html>