RIPE Policy Proposal 2008-04

This is a proposal to introduce a new registry that augments IRR data with the formally verifiable trust model of the Resource Public Key Infrastructure (RPKI) and provide ISPs with the tools to generate an overlay to the IRR which is much more strongly trustable.

The current methods for adding or updating Internet Routing Registry (IRR) data have weak security, and lack an inherent formally verifiable structure, resulting in a low level of trust in IRR data.

To address the problem of this low level of trust in IRR data, there have been proposals to use Resource Public Key Infrastructure (RPKI) to sign IRR data. The problem with most of the proposed schemes, however, is that they are conceptually weak and hard to implement due to the differences between the trust structures of the the IRR and the RPKI.

More recently, however, Ruediger Volk has described a very simple method of using the RPKI that involves no change to the IRR, software that uses the IRR, or the RPKI.

This is a proposal to implement Ruediger Volk's idea to strengthen the operators' use of data in the global IRR.

It is proposed that:

The RIPE NCC publish a new IRR registry that contains route objects generated from Route Origin Authorizations (ROAs) in the RPKI.

Note that this would be from the global RPKI, and would therefore cover the entire routing space, in so much as the RPKI covers the global space.

Operators who use the IRR to generate routing filters would be able to put this new IRR registry logically in front of the other registries, therefore preferring formally validatable routing origin information generated from the RPKI.

This new registry would be made available as an IRR publication point.

The RIPE NCC publish an open source tool that enables network operators to generate their own overlay IRR publication points. While such a generated IRR publication point should be identical to the one generated and made available by the RIPE NCC as above, it allows the security conscious operator to have a more formal trust model, as it prevents attacks on the IRR segment generated and served by the RIPE NCC.

• Router filters would be more reliable as they would prefer RPKI validated origins, where available, rather than those not validated
  in the RPKI. ISPs would achieve this by configuring tools that automatically generate router filters to give priority to the IRR publication point of the new registry based on RPKI-signed objects.
• The community will have an enhanced ability to filter BGP peer prefixes at no additional cost or changes to the data or tool bases. This would increase the reliability of the global routing system.
• This new IRR publication point would be much simpler than other current ideas about how to use RPKI in conjunction with IRR data.
• This proposal requires no changes to RPSL, the IRR, IRRToolSets, or the RPKI.

None are known.