[j-nsp] Please push Juniper to implement RFC6907
Weber, Markus
Markus.Weber at kpn.de
Thu Oct 10 05:29:43 EDT 2019
Mark wrote:
> So the validator is not even showing either /24, only the /23.
> Could it be implementing RFC 6907?
https://github.com/RIPE-NCC/rpki-validator-3 ...
> All of my IOS XR routers do not have the /24's in RIB, even if
> marked as Invalid. So either IOS XR is implementing RFC 6907
> aggressively, or the remote side is doing the same and dropping
> them before I get them (which would mean they are either running
> IOS XR,
Interesting. 7018 mentioned for another prefix "2402:7500::/32.
Our IOS-XR routers see the received as-path as '2914 9924 9924 9924
{24158,131614}'. The relevant VRP authorizes only 24158 to originate
2402:7500::/32-48."
The only difference I see here for 194.45.183.0/24 is, that the
ROA is for the 2nd AS in the AS_SET, above there is (or was) a
match for the first.
> or are working around the lack of this RFC in Junos.
Any idea how to workaround this in JunOS other than building
filters "somewhere else"? I wouldn't know how to easily drop
paths with AS_SET in JunOS.
Markus
--
AS286 - still here ...
More information about the juniper-nsp
mailing list