Re: Understanding impact of RPKI and ROA on existing advertisements

[Owen DeLong via NANOG <nanog () nanog org>]

Oh, I’m not ignoring it, I’m just rather underwhelmed by it and given how long it took SIDRWG to get RPKI this far,
not optimistic about any of the rest of the system getting deployed prior to IPv6 ubiquity or the end of my time on
this planet, or even before we manage to destroy the planet, whichever comes first.

Owen


> On Nov 2, 2022, at 08:30, heasley <heas () shrubbery net> wrote:
>
> Tue, Nov 01, 2022 at 06:24:50PM -0700, Owen DeLong via NANOG:
> > RPKI/ROA is a way to cryptographically prove what someone needs to prepend if they want to hijack your addresses.
>
> Operators should not be deterred by that comment.  Owen seems to be ignoring
> what it does achieve and that this is part of a larger system that is still
> emerging.  See IETF sidrops wg.  In the interim, do your part to improve
> DFZ hygiene.
>
> > Owen
> >
> >
> > > On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.public () gmail com> wrote:
> > >
> > > Hello,
> > > I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer 
> > > some of my questions.
> > > We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs. 
> > > We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to 
> > > get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.
> > >
> > > My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have 
> > > ROA's.
> > > Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?
> > >
> > > Thanks for your help.
> > >
> > > Ref:
> > > https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html 
> > > https://www.arin.net/resources/manage/rpki/roa_request/ 
> > > https://www.arin.net/resources/manage/rpki/hosted/