[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

deploying RPKI based Origin Validation

Subject: deploying RPKI based Origin Validation
From: mark.tinka at seacom.mu (Mark Tinka)
Date: Sat, 14 Jul 2018 07:06:22 +0200
In-reply-to: <CAL9jLaa_oXn-5a=m+mM5E8gETP2YsBvbBNvmee0Lt5vbV6+d2Q@mail.gmail.com>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAL9jLaYExYkkZnCFHXKp_khzdc62W04UbukDbgGsjBuoiQ4CTA@mail.gmail.com> <[email protected]> <CAL9jLaa_oXn-5a=m+mM5E8gETP2YsBvbBNvmee0Lt5vbV6+d2Q@mail.gmail.com>

On 13/Jul/18 19:28, Christopher Morrow wrote:

> I think getting to Job's world is a goal, I think living in Mark's is a
> reality for a bit still.
> (yes, you could ALSO do some game playing where the customer ports for TSW
> were in a VRF with no 'bad' routes, but.. complexity)

This summarizes the current status of affairs quite accurately.

I'd like to get to the point where RPKI is widely deployed so that we
can all run a cleaner BGP. I don't think that waiting for all BGP
operators to enable RPKI and drop Invalids will be the solution. So if
the top 7 global operators decided to do it, and perhaps suffer the pain
of the effects for a few months, the rest of the community will be
inclined to follow suit.

Kind of like how only a few major operators really use RPSL, which
forces all BGP operators to keep some kind of updated IRR, even if they,
themselves, may not be RPSL users.

> sure thing! (err, this rpki/secure-routing business isn't really super
> intuitive :( )

As always, the difficult bit is done, i.e., the protocol spec. is
clearly defined, there is code in routing software, and there are plenty
of options for Route Validation software.

But as always, the hard part is getting the community to implement, as
we've seen with IPv6 and DNSSEC.

Mark.

Follow-Ups:
- deploying RPKI based Origin Validation
  - From: baldur.norddahl at gmail.com (Baldur Norddahl)

References:
- deploying RPKI based Origin Validation
  - From: job at ntt.net (Job Snijders)
- deploying RPKI based Origin Validation
  - From: mark.tinka at seacom.mu (Mark Tinka)
- deploying RPKI based Origin Validation
  - From: job at ntt.net (Job Snijders)
- deploying RPKI based Origin Validation
  - From: mark.tinka at seacom.mu (Mark Tinka)
- deploying RPKI based Origin Validation
  - From: gtaylor at tnetconsulting.net (Grant Taylor)
- deploying RPKI based Origin Validation
  - From: morrowc.lists at gmail.com (Christopher Morrow)
- deploying RPKI based Origin Validation
  - From: gtaylor at tnetconsulting.net (Grant Taylor)
- deploying RPKI based Origin Validation
  - From: morrowc.lists at gmail.com (Christopher Morrow)

Prev by Date: deploying RPKI based Origin Validation
Next by Date: deploying RPKI based Origin Validation
Previous by thread: deploying RPKI based Origin Validation
Next by thread: deploying RPKI based Origin Validation
Index(es):
- Date
- Thread