Skip to main content

Origin Validation Policy Considerations for Dropping Invalid Routes

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Kotikalapudi Sriram , Oliver Borchert , Doug Montgomery
Last updated 2023-05-31 (Latest revision 2022-11-27)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Deployment of Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs) is expected to occur gradually over several or many years. During the incremental deployment period, network operators would wish to have a meaningful policy for dropping Invalid routes. Their goal is to balance (A) dropping Invalid routes so hijacked routes can be eliminated, versus (B) tolerance for missing or erroneously created ROAs for customer prefixes. This document considers a Drop Invalid if Still Routable (DISR) policy that is based on these considerations. The key principle of DISR policy is that an Invalid route can be dropped if a Valid or NotFound route exists for a subsuming less specific prefix.


Kotikalapudi Sriram
Oliver Borchert
Doug Montgomery

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)