This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] RPKI ROAs and Monitoring
- Previous message (by thread): [routing-wg] RPKI ROAs and Monitoring
- Next message (by thread): [routing-wg] RPKI ROAs and Monitoring
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Klaus Darilion
klaus.darilion at nic.at
Mon Dec 12 15:34:16 CET 2022
Thanks for the inputs. I now went with packetvis. Does anybody know who is behind packetvis? The home page is pretty quiet. Basically it works, but I would have expected that packetivs also shows ROAs. It show all my prefixes, but it does not show which of them have ROAs and which not. I guess I will give BGPalerter also a try. regards Klaus > -----Ursprüngliche Nachricht----- > Von: Massimo Candela <massimo at us.ntt.net> > Gesendet: Montag, 12. Dezember 2022 12:38 > An: Klaus Darilion <klaus.darilion at nic.at> > Cc: routing-wg at ripe.net > Betreff: Re: [routing-wg] RPKI ROAs and Monitoring > > Hello Klaus, > > An open-source monitoring application that does exactly what you are > asking for is BGPalerter [1]. Alternatively, if you are not keen on > running the app yourself, there is https://packetvis.com which is a > BGPalerter as a service. > > Ciao, > Massimo > > [1] https://github.com/nttgin/BGPalerter > > > > On Dec 12, 2022 12:12, Klaus Darilion via routing-wg <routing- > wg at ripe.net> wrote: > > > Hello all! > > > > Until now we have not used RPKI. For us at nic.at and RcodeZero DNS > we are not on the validating side of RPKI, but we would only create > ROAs, using the RIPE service. I could just login to the RIPE portal and > in 5 minutes it is done. But I am a bit concerned about activating the > service and do not care anymore. Hence I think we should have some > monitoring too. > > > > We have a defined target state, eg. prefix 83.136.32.0/21 should be > announced from AS30971. So I think our monitoring should check: > > - is there a ROA for 83.136.32.0/21 from AS30971 > > - is the ROA valid, ie. not expired > > - Will validating ISPs accept these prefixes? Will > validating ISPs reject this prefix if the orign AS is wrong (maybe > having a local Routinator or queriying a public service via API). > > > > Do you think this makes sense? Is such monitoring already available > and I only have to subcribe somewhere (free or comemrcial)? Do I miss > something? Any hints what I should do before and after creating the > ROAs? > > > > Thanks > > Klaus > > > > PS: What happens if my ROAs expire. Will then my BGP announcements > be ignored by validating ISPs or will it just be as if there are no ROAs > at all? > > > No roa at all. However, if a less specific roa exists, or a roa for > another AS, it could result in invalid. You would get notified by the > monitoring if roas are expiring. > > > > -- > > Klaus Darilion, Head of Operations > > nic.at GmbH, Jakob-Haringer-Straße 8/V > > 5020 Salzburg, Austria > > >
- Previous message (by thread): [routing-wg] RPKI ROAs and Monitoring
- Next message (by thread): [routing-wg] RPKI ROAs and Monitoring
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]