Wanted to get some input on how much sense it makes to implement RPKI on an enterprise network? I feel in a multi homed setup with full routing tables from the ISPs there would be some use (and certainly no harm) in setting this up, with some simple policy-statements/route-maps to prefer validated prefixes over non-valited (and depref invalid ones).
Obviously this is in response to recent hijacks and naturally this makes more sense to do on the ISP side, but not like most of the large ISPs will bother setting this up.
No comments:
Post a Comment