This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] RPKI Route Origin Validation - Africa
- Previous message (by thread): [routing-wg] ACM BuildSys 2019 - Nov. 13-14 - New York City - Call for Papers/Posters/Demos/PhD Colloquium Reminder
- Next message (by thread): [routing-wg] RPKI Route Origin Validation - Africa
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Job Snijders
job at ntt.net
Wed May 15 10:28:58 CEST 2019
Dear Ben and Mark, You are now almost 5 weeks into the deployment - can you share any insights on issues (or lack of issues) you've faced in the last 5 weeks? Did you have to create exceptions for "important destinations covered by misconfigured ROAs"? Are you aware of incidents that were prevented because of the actions you took? Any feedback from customers or partners? Kind regards, Job On Tue, Apr 09, 2019 at 11:51:49AM +0000, Ben Maddison via routing-wg wrote: > Hello all. > In November 2018 during the ZAPF (South African Peering Forum) meeting in Cape Town, 3 major African ISP's announced that they would enable RPKI-based ROV (Route Origin Validation), including dropping Invalid routes as part of efforts to improve Internet routing security, on the 1st April, 2019. > On the 1st of April, Workonline Communications (AS37271) enabled ROV and began dropping Invalid routes. This applies to all eBGP sessions, both IPv4 and IPv6. > On the 5th of April, SEACOM (AS37100) enabled ROV and began dropping Invalid routes. This applies to eBGP sessions with public peers, private peers and transit providers, both for IPv4 and IPv6. eBGP sessions toward downstream customers will follow in 3 months time. > Implementation at the third ISP has yet to be completed. We are sure they will communicate with the community when they are ready to do so. > Please note that for the legal reasons previously discussed in various fora, neither Workonline nor SEACOM are utilising the ARIN TAL. As a result, any routes covered only by a ROA issued under the ARIN TAL will fall back to a status of Not Found. Unfortunately, this means that ARIN members will not see any improved routing security for their prefixes on our networks until this is resolved. > We will each re-evaluate this decision if and when ARIN's policy changes. We are hopeful that this will happen sooner rather than later. > If you interconnect with either of us and believe that you are experiencing any routing issues potentially related to this new policy, please feel free to reach out to either: > - noc at workonline.africa > - peering at seacom.mu > Workonline Communications and SEACOM hope that this move encourages the rest of the ISP community around the world to ramp up their deployment of RPKI ROV and begin dropping Invalid routes. We appreciate the work that AT&T and others have carried out in the same vein. > In the mean time, we are happy to answer any questions you may have about our deployments. > Thanks, > Mark Tinka (SEACOM) & Ben Maddison (Workonline Communications).
- Previous message (by thread): [routing-wg] ACM BuildSys 2019 - Nov. 13-14 - New York City - Call for Papers/Posters/Demos/PhD Colloquium Reminder
- Next message (by thread): [routing-wg] RPKI Route Origin Validation - Africa
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]