This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] Annoucing supernets in BGP?

Previous message (by thread): [routing-wg] Annoucing supernets in BGP?
Next message (by thread): [routing-wg] One more time...

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Markstaller mm at elabnet.de
Wed Sep 12 21:50:51 CEST 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alex,

On 11.09.2012 21:47, Alex Band wrote:
> Hi Michael,
> 
> On 11 Sep 2012, at 20:09, Michael Markstaller <mm at elabnet.de>
> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> 
>>> I see three ways: 1) RPKI 2) RPKI 3) RPKI
>> 
>> I fully agree! But I ask: where is it used?
> 
> In total, well over a thousand LIRs in the RIPE region have set up
> RPKI. Together they created ROAs to cover about four /8s worth of
> IPv4 address space: 
> http://certification-stats.ripe.net/?type=roa-v4u
> 
>> Obviously nowhere at Tier1/2, otherwise we wouldn't see such a
>> big mess like 80/5 in BGP.. Is it up to me, a XS-provider to
>> start with - while its globally ignored?
> 
> Out of the 100 largest LIRs, roughly half has got RPKI enabled, but
> many of these parties are careful when implementing new technology.
>  There is a lot of testing going on that you can't see on the
> public Internet, just like LIRs who hold an IPv6 allocation that
> they don't announce (yet). However, if you point your RPKI
> Validator at prefixes like 91.0.0.0/10, 82.240.0.0/12 or
> 84.96.0.0/13, you'll see that it's not all bad news.
> 
> The big question is when operators will actually start using RPKI
> Origin Validation in their BGP decision making workflows. It's a
> complicated question to answer, with many factors involved.

Thanks for the detailed insights!
I will consider implementing RPKI for our resources ASAP.
(Though in this case it wouldn't have helped me)
I see the clear advantages this has over "just guessing" wether an
annoucement might be right or wrong - but there are also some risks
due to possible misconfiguration if it's only used by a minority..

Well, as you stated: it's complicated but I'm willing to adopt new and
reasonable things like this.

best regards

Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBQ55sACgkQaWRHV2kMuAJRXACfVCVD/oTPvNHgim228btUkwTQ
kvgAnjYAcmif439HdLcdQJO96NvDqukS
=Rwcp
-----END PGP SIGNATURE-----

Previous message (by thread): [routing-wg] Annoucing supernets in BGP?
Next message (by thread): [routing-wg] One more time...

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]