nanog mailing list archives

Re: ARIN and the RPKI (was Re: AltDB?)


From: Randy Bush <randy () psg com>
Date: Thu, 06 Jan 2011 13:16:27 +0900

We need at least these things to exist:
  o an accurate mapping of resource (netblock/asn) to
    authorized-entity (RIR/NIR/LIR/Customer/...) 
  o a system to manage this data for our routing equipment

see all the sidr documents in last call to go from i-ds to rfcs.  oh,
you co-chair sidr :)

  o protocol enhancements that can be used to help propagate the
    mapping information or at the least help a router programmatically
    understand if a resource is being used by the authorized entity

see draft-ietf-sidr-rpki-rtr-07

  o routing software that can digest the enhanced data

in test.  rumors of going normal release from at least one vendor in q2

  o routing hardware that won't crumple under the weight of (what
    seems like) heavier weight routing protocol requirements

actually, the formal rpki-based origin-validation stuff is measured to
take *less* cpu, a lot less, than ACLs

There is, of course, some risk with this model and we should take the
time to accept/discuss that as well.

some guidance toward ameliorating the risks is in
<draft-ietf-sidr-rpki-origin-ops-00.txt>.

input from ops into all this stuff would be most welcome.

randy
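
The origin check discussed in this message, as an added example that is not part of the original post or any vendor's code: a route is compared against the resource-to-origin mappings a router would receive over rpki-rtr, following the prefix origin validation procedure from the SIDR work (later published as RFC 6811). The names `VRP`, `vrp` and `validate_origin` and all sample data are assumptions made for illustration; prefixes and AS numbers come from the documentation ranges.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """One validated mapping: prefix, longest allowed length, authorized origin AS."""
    prefix: object      # ipaddress.IPv4Network or IPv6Network
    max_length: int
    asn: int


def vrp(prefix, max_length, asn):
    return VRP(ipaddress.ip_network(prefix), max_length, asn)


# Constructed sample data (documentation prefixes and AS numbers only).
VRPS = [
    vrp("192.0.2.0/24", 24, 64496),
    vrp("203.0.113.0/24", 26, 64497),
    vrp("2001:db8::/32", 48, 64498),
]


def validate_origin(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        # A VRP covers the route when the route is equal to or inside its prefix.
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # Match: length within max_length and same origin; AS 0 never matches.
        if route.prefixlen <= v.max_length and v.asn == origin_asn and v.asn != 0:
            return "valid"
    # Covered but unmatched means a wrong origin or a too-specific prefix.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS).
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                     ("192.0.2.128/25", 64496), ("198.51.100.0/24", 64496)]:
        print(f"{pfx:18} AS{asn}: {validate_origin(pfx, asn)}")
```

A "not-found" result only means no mapping covers the prefix, so local policy still has to decide how such routes are treated.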

