Cloudflare AS13335 BGP Safe (In DK)?

Pls check Cloudflare BGP safety status in Denmark. (My ISP Hyper part of TDC in DK)

From my PC direct test w/o WARP: (Connected to One Trust with my ekstern IP4/IP6 and with DNS setup in my Unifi Network:

TEST: Your ISP (AS203953) implements BGP safely. It correctly drops invalid prefixes.

When WARP activated (same network):
TEST Your ISP (Cloudflare, AS13335) does not implement BGP safely. It should be using RPKI to protect the Internet from BGP hijacks.

I´m using test tool: Is BGP safe yet? · Cloudflare

WARP PC V 2022.5.341 and IOS 6.12



Cloudflare announces a particular prefix (which I cannot remember right now) explicitly for the purpose of that test. That prefix is RPKI invalid, and any AS that receives that prefix should drop it. The test attempts to connect to a hostname within that prefix, and the test expects that connection to fail.

Some ISPs explicitly block the test prefix, which is clearly bad practice. They should just implement RPKI as recommended by MANRS, and let the prefix be dropped.

I suspect the Cloudflare RPKI test does not account for that test prefix, but it is not something to be worried about.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.