[afnog] RPKI
Mark Tinka
mark.tinka at seacom.mu
Tue Jul 28 07:55:08 UTC 2015
On 28/Jul/15 09:34, Saul wrote:
>
> Hi
>
> Sorry for not giving to much info here, but I still trying to pinpoint
> what the issue is.
>
>
>
> I am suddenly getting alerts from BGPmon about RPKI validation failing
> on some of my prefixes and I have made no changes.
>
>
>
> I am seeing different data on http://www.rpki.co.za/roas verses what I
> am seeing at HE.net – both what is valid and what I have ROAs for.
>
>
>
> I know of at least one other entity having issues as well and was
> wondering if it is not perhaps a bigger issue?
>
Can you send your prefixes through so we can check what the actual
validation state is vs. what HE are reporting?
There was a time when HE had an issue obtaining RPKI data from AFRINIC.
This was some kind of issue AFRINIC were having, I suppose when changing
over to the new PKI engine. That was fixed, but that was a couple of
months ago.
For my network (AS37100), both HE and www.rpki.co.za are showing the
correct data.
Also, note that AFRINIC have been encouraging operators to upgrade to
the new engine (which now supports max-length). I'm not sure whether
this could be affecting the old engine.
Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20150728/5e264b7b/attachment.html>
More information about the afnog
mailing list