nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Understanding impact of RPKI and ROA on existing advertisements

From: Alex Band <alex () nlnetlabs nl>
Date: Tue, 1 Nov 2022 15:38:47 +0100
Creating ROAs for *all* the announcements that are done with your prefixes, both on your own AS and the ones announced 
by AWS, is probably the best way forward from both a routing security and ease-of-management perspective.

-Alex


On 28 Oct 2022, at 17:00, Samuel Jackson <bobin.public () gmail com> wrote:

Hello,
I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer 
some of my questions.
We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs. 
We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get 
setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.

My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?

Thanks for your help.

Ref:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html 
https://www.arin.net/resources/manage/rpki/roa_request/ 
https://www.arin.net/resources/manage/rpki/hosted/
Previous By Date Next
Previous By Thread Next

Current thread: