Origin Validation Policy Considerations for Dropping Invalid Routes

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Last updated 2020-04-24 (latest revision 2019-10-22)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Deployment of Resource Public Key Infrastructure (RPKI) and Route Origin Authorizations (ROAs) is expected to occur gradually over several or many years. During the incremental deployment period, network operators would wish to have a meaningful policy for dropping Invalid routes. Their goal is to balance (A) dropping Invalid routes so hijacked routes can be eliminated, versus (B) tolerance for missing or erroneously created ROAs for customer prefixes. This document considers a Drop Invalid if Still Routable (DISR) policy that is based on these considerations. The key principle of DISR policy is that an Invalid route can be dropped if a Valid or NotFound route exists for a subsuming less specific prefix.


Kotikalapudi Sriram (ksriram@nist.gov)
Oliver Borchert (oliver.borchert@nist.gov)
Doug Montgomery (dougm@nist.gov)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)