This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] Ensuring RPKI ROAs match your routing intent
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tim Bruijnzeels
tim at nlnetlabs.nl
Wed Jul 1 16:01:22 CEST 2020
Hi Randy, all, > On 26 Jun 2020, at 16:04, Randy Bush <randy at psg.com> wrote: > >> Krill uses these RIS dumps too for this initial release, but we intend >> to evolve it over the next releases with something more real-time, as >> well as letting you plug in a local router feed > > drl considered this but i voted against it. my local router is already > too heavily influenced by my local rpki collection and policies. when i > contemplate a new roa, i want to see how it might impact anything > floating around in the global table as seen from as many vantage points > as possible; hence route views and ris. of course, that thought was a > decade plus ago, and ymmv. I think that for a start RIS and RouteViews are great. However, as ROV becomes more deployed and your upstreams may start dropping your unintended invalids, those may not show up any more in those views. So, I think that in future local feeds will become more important. This could be based on automated router config set ups (like IPAM solutions) which can use an API to create the ROAs as needed. Or it could be 'just-in-time' or well.. 'just-too-late' authorisations based on a real local BGP feed even. Indeed YMMV and we are still exploring this. Note that even then monitoring your own prefixes in the global BGP in relation to your ROAs from other vantage points will still be important. I expect that something like BGP Alerter (or similar) rather than your own RPKI CA will be more suitable for this purpose. Tim > > randy
- Next message (by thread): [routing-wg] Ensuring RPKI ROAs match your routing intent
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]