This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
- Previous message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
- Next message (by thread): [routing-wg] New on RIPE Labs: Internet Stability in Times of Corona
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sandra Murphy
sandy at tislabs.com
Thu Mar 26 10:24:29 CET 2020
Congratulations, Job! You and NTT have been a voice for routing security and a source for useful tools and techniques for a very long time. The routing infrastructure is the better for your support. (And after this expression of gratitude, here’s the ask: when do we get to hear the lessons-learned?) —Sandy > On Mar 25, 2020, at 9:09 PM, Job Snijders <job at ntt.net> wrote: > > Dear Routing WG, > > Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI > based BGP Origin Validation on virtually all EBGP sessions, both > customer and peering edge. This change positively impacts the Internet > routing system. > > The use of RPKI technology is a critical component in our efforts to > improve Internet routing stability and reduce the negative impact of > misconfigurations or malicious attacks. RPKI Invalid route announcements > are now rejected in NTT EBGP ingress policies. A nice side effect: > peerlock AS_PATH filters are incredibly effective when combined with > RPKI OV. > > For NTT, this is the result of a multiyear project, which included > outreach, education, collaboration with industry partners, and > production of open source software shared among colleagues in the > industry. > > Shout out to Louis & team (Cloudflare) for the open source GoRTR > software and the OpenBSD project for rpki-client(8). > > I hope some take this news as encouragement to consider RPKI OV > "invalid == reject"-policies as safe to deploy in their own BGP > environments too. :-) > > Kind regards, > > Job
- Previous message (by thread): [routing-wg] NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
- Next message (by thread): [routing-wg] New on RIPE Labs: Internet Stability in Times of Corona
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]