roa_check RPKI

Alarig Le Lay alarig at swordarmor.fr
Sat Oct 10 23:14:47 CEST 2020


On Sat 10 Oct 2020 22:05:45 GMT, Fabiano D'Agostino wrote:
> How does roa_check(roa_table,net,bgp_path.last) work?
> Having such a ROA as example:
> origin AS: 64513
> prefix: 78.150.40.0/20
> max mask: 24
> 
> and a BGP announcement:
> origin AS: 64514
> prefix: 78.150.45.0/22
> 
> so it's as invalid, but how does this check work?
> roa_table: validated roa record (validated cache)
> net: should be the current prefix so 78.150.45.0/22
> what is bgp_path.last and how does roa_check function do the check?
> 
> Thanks,
> 
> Fabiano

I don’t know how you endded up to this data, but the /20 should be
78.150.40.0/20 and the /22 78.150.45.0/22. Also 64513 is a private ASN,
so announcing public space from a private ASN will be invalid, whatever
you try to do.

-- 
Alarig


More information about the Bird-users mailing list