Re: Global Akamai Outage

[Mark Tinka <mark@tinka.africa>]

On 7/26/21 07:25, Saku Ytti wrote:

> Doesn't matter. And I'm not trying to say RPKI is a bad thing. I like
> that we have good AS:origin mapping that is verifiable and machine
> readable, that part of the solution will be needed for many
> applications which intend to improve the Internet by some metric.
> And of course adding any complexity will have some rearing problems,
> particularly if the problem it attempts to address is infrequently
> occurring, so it would be naive not to expect an increased rate of
> outages while maturing it.

Yes, while RPKI fixes problems that genuinely occur infrequently, it's 
intended to work very well for when those problems do occur, especially 
the intentional hijacks, because when they do occur, it disrupts quite a 
large part of the Internet, even if for a few minutes or couple of 
hours. So from that standpoint, RPKI does add value.

Where I do agree with you is that we should restrain ourselves from 
applying RPKI to use-cases that are non-core to its reasons for 
existence, e.g., AS0.

I can count, on my hands, the number of RPKI-related outages that we 
have experienced, and all of them have turned out to be a 
misunderstanding of how ROA's work, either by customers or some other 
network on the Internet. The good news is that all of those cases were 
resolved within a few hours of notifying the affected party.

Mark.