Hi Marco, Em 16/12/2019 10:28, Marco Paesani escreveu:
Marcelo, the route 170.79.184.0/22 <http://170.79.184.0/22> is not present on validator.
m.paesani@MX960-MIX-RE0# run show route 170.79.184.0/22 <http://170.79.184.0/22> exact active-path
inet.0: 782165 destinations, 5177202 routes (777291 active, 0 holddown, 20504 hidden) + = Active Route, - = Last Active, * = Both
170.79.184.0/22 <http://170.79.184.0/22> *[BGP/170] 3d 14:13:33, MED 500, localpref 100 AS path: 6762 53181 53135 I, validation-state: *unknown* > to 93.186.128.48 via xe-8/0/3.100
The strange thing is that it is being validated elsewhere. What I do not understand is why in some it appears as valid and others as unknown when everyone should be seeing the same information. Or am I mistaken? # whois -h whois.bgpmon.net " --roa 53135 170.79.184.0/22" 0 - Valid ------------------------ ROA Details ------------------------ Origin ASN: AS53135 Not valid Before: 2019-12-13 19:24:16 Not valid After: 2020-12-13 19:29:16 Expires in 363d6h55m11s Trust Anchor: rpki-repo.registro.br Prefixes: 170.79.184.0/22 (max length /24) ==================================================== # whois -h whois.bgpmon.net 170.79.184.0/22 % This is the BGPmon.net whois Service % You can use this whois gateway to retrieve information % about an IP adress or prefix % We support both IPv4 and IPv6 address. % % For more information visit: % https://portal.bgpmon.net/bgpmonapi.php Prefix: 170.79.184.0/22 Prefix description: Nettel Telecomunicacoes Ltda Country code: BR Origin AS: 53135 Origin AS Name: Nettel Telecomunica��es Ltda., BR RPKI status: ROA validation successful First seen: 2017-03-02 Last seen: 2019-12-14 Seen by #peers: 65
Marco Paesani
Skype: mpaesani Mobile: +39 348 6019349 Success depends on the right choice ! Email: marco@paesani.it <mailto:marco@paesani.it>
Il giorno lun 16 dic 2019 alle ore 12:54 Gondim via routing-wg <routing-wg@ripe.net <mailto:routing-wg@ripe.net>> ha scritto:
Hi Matthias,
Em 16/12/2019 08:43, Matthias Waehlisch escreveu: > [1] and [2] use different Trust Anchors. > > which prefix do you check?
For example 170.79.184.0/22 <http://170.79.184.0/22>
Other Autonomous Systems that I consulted also experienced this problem.
> > Cheers > matthias > > On Mon, 16 Dec 2019, Gondim via routing-wg wrote: > >> Dear all, >> >> Friday, here in Brazil, the RPKI was enabled. We have published our ROAs >> and are being validated in several places but we found a divergence. >> When we query our AS on this link [1] it appears to be valid but when we >> query our AS on this link [2], it appears as unknown. >> >> Is there any difference between the tools that might be causing this? >> >> [1] http://localcert.ripe.net:8088/bgp-preview >> >> [2] https://rpki-validator.ripe.net/bgp-preview
-- ⢀⣴⠾⠻⢶⣦⠀ Marcelo Gondim ⣾⠁⢠⠒⠀⣿⡁ Sysadmin - https://www.linuxinfo.com.br ⢿⡄⠘⠷⠚⠋ DA04 922E 78B3 44A5 3C8D 23D0 8DB5 571E E151 4E19 ⠈⠳⣄⠀⠀⠀⠀ Logic will get you from A to B. Imagination will take you everywhere. (Albert Einstein)