nanog mailing list archives
Re: Reaching out to ARIN members about their RPKI INVALID prefixes
From: Alex Band <alex () nlnetlabs nl>
Date: Wed, 19 Sep 2018 11:45:24 +0200
On 19 Sep 2018, at 10:37, Christopher Morrow <morrowc.lists () gmail com> wrote: On Wed, Sep 19, 2018 at 1:33 AM Phil Lavin <phil.lavin () cloudcall com> wrote:What about an one-off outreach effort?Makes sense to me. As someone who (at least pretends to) care, I was very much unaware of RPKI before seeing discussion about it on NANOG and #ix. That said, having recently done this with ARIN... they've got a long way to go before it's a simple process (like RIPE). Submitting numerous tickets over a 3 day period doesn't strike me as particularly efficient. If outreach was done and widely taken up, I'd think ARIN's help desk will struggle to meet the demand. If this is the case and it's a multi-week process to get RPKI set up, it would be expected that people will give up part way through the process.Phil. Thanks, this is interesting input.. I expected that the system arin setup was on-par with that which ripe/apnic have setup... huh, I'm surprised that it required any tickets at all to accomplish :(
ARIN offers all of the features that the other RIRs do, but usability remains a (big) barrier. I did a talk at NANOG several years ago demonstrating how usability of the hosted RPKI system greatly impacted adoption and data quality in the RIPE region: https://youtu.be/R2VV_APOFL8 At the time, a lot of effort went into providing a hosted RPKI system that suggested ROAs based on best practices, showed what the impact on BGP announcements was going to be and sent alerts when misconfigurations or hijacks occurred. This gives operators the confidence to use and maintain the system. As a result, the data set is now big and high quality enough for operators to start dropping invalids. I’d be interested to hear how many operators in the ARIN region would be willing to set up ROAs (and maintain them!) if it weren’t so hard to do. This might entice ARIN to address the usability issue. Because non-repudiation or not, this process shouldn’t have to take several tickets and several days. Be that as it may, we fully intend to build a Delegated CA that is on par with RIPE’s user experience so that operators can run RPKI themselves in a usable way. Alex Band NLnet Labs
Current thread:
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes, (continued)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Jared Mauch (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Baldur Norddahl (Sep 20)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Joe Provo (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Job Snijders (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
- RE: Reaching out to ARIN members about their RPKI INVALID prefixes Phil Lavin (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Alex Band (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)