The long history of misconfigurations and errors in RPKI indicates that they cannot be easily avoided and will most probably persist in the future. These errors create conflicts between BGP announcements and their covering ROAs, causing RPKI validation to return the status invalid. Networks that enforce RPKI filtering with Route Origin Validation (ROV) would block such conflicting BGP announcements and, as a result, lose traffic from the corresponding origins. Since the business incentives of networks are tightly coupled with the traffic they relay, filtering legitimate traffic leads to a loss of revenue, reducing the motivation to filter invalid announcements with ROV. In this work, we introduce a new mechanism, LOV, designed for whitelisting benign conflicts at Internet scale. The resulting whitelist is made available to RPKI-supporting ASes to avoid filtering RPKI-invalid but benign routes. Saving legitimate traffic resolves one main obstacle to RPKI deployment. We measure live BGP updates using LOV over a period of half a year and whitelist 52,846 routes with benign origin errors.
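The conflict described above can be made concrete with the RFC 6811 origin-validation rules. The following is an added example, not code from the paper: the ROAs, announcements and whitelist entry are constructed, the function names are hypothetical, and the whitelist is modelled as a plain set of (prefix, origin) pairs because the abstract does not say how LOV classifies a conflict as benign.

```python
import ipaddress

# Constructed sample ROAs: (prefix, maxLength, authorized origin ASN).
ROAS = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 24, 64501),
    ("2001:db8::/32", 48, 64502),
]

# Constructed whitelist of RPKI-invalid but benign routes (assumed format).
WHITELIST = {("192.0.2.0/24", 64510)}


def rov_state(prefix, origin, roas=ROAS):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # A match needs the same origin and a length within maxLength;
        # AS0 in a ROA never matches any route.
        if asn != 0 and asn == origin and net.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: a conflict.
    return "invalid" if covered else "not-found"


def filter_decision(prefix, origin, whitelist=WHITELIST):
    """Apply ROV filtering, exempting whitelisted invalid routes."""
    state = rov_state(prefix, origin)
    if state != "invalid":
        return state, "accept"
    key = (str(ipaddress.ip_network(prefix)), origin)
    return state, ("accept-whitelisted" if key in whitelist else "drop")


if __name__ == "__main__":
    for route in [("2001:db8:1::/48", 64502), ("198.51.100.0/24", 64500),
                  ("203.0.113.128/25", 64501), ("192.0.2.0/24", 64510)]:
        print(route, filter_decision(*route))
```

The /25 announcement shows how a maxLength error by the legitimate origin also yields invalid and is dropped unless it is whitelisted.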