On 8/11/25 20:19, Yang Yu wrote:
On Thu, Aug 7, 2025 at 5:48 AM Jeffrey Haas<[email protected]> wrote:
AS_SETs are a lovely place to drop such poisoning.
TIL AS_SET has also been used for aspath poisoning, this might be less
effective as some implementation simply ignores AS_SET which
complicates aspath length calculation / origin ASN matching / AS
relationship matching.
RPKI origin validation code, as currently deployed, effectively kills
sets when invalids are dropped by the operator.
This means the use of sets for poisoning is effectively a dead tool
beyond a single AS hop.
-- Jeff
_______________________________________________
GROW mailing list -- [email protected]
To unsubscribe send an email to [email protected]
