Hi, On Tue, May 01, 2018 at 03:33:22PM -0400, Jay Borkenhagen wrote:
I know it's not precisely what you were asking for, but RPKI origin validation is configured on our route-server.ip.att.net, freely accessible via telnet.
You could run something like:
show route aspath-regex ".*5539.*" terse active-path | match /
I just ran that command and I see some prefixes validating in all three categories: Valid, Invalid, and Not Found.
Thanks, this is also useful information.
Of course, this method is influenced significantly by how the as7018 network learns routes that pass through as5539: if our best path to some destination does not come via 5539, it won't show up using this method.
Indeed :-) The information I was looking for is nicely visible, though... and what I was afraid I'd see... too much "N". The only "I" is something I was aware but had forgotten about ;-) - a sink-a-more-specific-/24 test that nicely exposes the problem of "strict /22" ROAs. thanks! Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279