nanog mailing list archives
Re: deploying RPKI based Origin Validation
From: Mark Tinka <mark.tinka () seacom mu>
Date: Sat, 14 Jul 2018 07:06:22 +0200
On 13/Jul/18 19:28, Christopher Morrow wrote:
I think getting to Job's world is a goal, I think living in Mark's is a reality for a bit still. (yes, you could ALSO do some game playing where the customer ports for TSW were in a VRF with no 'bad' routes, but.. complexity)
This summarizes the current status of affairs quite accurately. I'd like to get to the point where RPKI is widely deployed so that we can all run a cleaner BGP. I don't think that waiting for all BGP operators to enable RPKI and drop Invalids will be the solution. So if the top 7 global operators decided to do it, and perhaps suffer the pain of the effects for a few months, the rest of the community will be inclined to follow suit. Kind of like how only a few major operators really use RPSL, which forces all BGP operators to keep some kind of updated IRR, even if they, themselves, may not be RPSL users.
sure thing! (err, this rpki/secure-routing business isn't really super intuitive :( )
As always, the difficult bit is done, i.e., the protocol spec. is clearly defined, there is code in routing software, and there are plenty of options for Route Validation software. But as always, the hard part is getting the community to implement, as we've seen with IPv6 and DNSSEC. Mark.
Current thread:
- deploying RPKI based Origin Validation Job Snijders (Jul 12)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Grant Taylor via NANOG (Jul 13)
- Re: deploying RPKI based Origin Validation Christopher Morrow (Jul 13)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Grant Taylor via NANOG (Jul 13)
- Re: deploying RPKI based Origin Validation Christopher Morrow (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- Re: deploying RPKI based Origin Validation Baldur Norddahl (Jul 14)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 14)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 16)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 17)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 17)
- Re: deploying RPKI based Origin Validation George Michaelson (Jul 17)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- Re: deploying RPKI based Origin Validation Job Snijders (Jul 13)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 13)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 17)
- Re: deploying RPKI based Origin Validation Mark Tinka (Jul 18)
- RE: deploying RPKI based Origin Validation Michel Py (Jul 18)