nanog mailing list archives

Re: Understanding impact of RPKI and ROA on existing advertisements

From: jim deleskie <deleskie () gmail com>
Date: Wed, 2 Nov 2022 22:35:49 +0100

I dont think ive every agreed with Owen this much, maybe this is the first
sign the wording is ending further proving his statement :)

On Wed, Nov 2, 2022 at 10:30 PM Owen DeLong via NANOG <nanog () nanog org>
wrote:

Oh, I’m not ignoring it, I’m just rather underwhelmed by it and given how
long it took SIDRWG to get RPKI this far,
not optimistic about any of the rest of the system getting deployed prior
to IPv6 ubiquity or the end of my time on
this planet, or even before we manage to destroy the planet, whichever
comes first.

Owen

On Nov 2, 2022, at 08:30, heasley <heas () shrubbery net> wrote:

Tue, Nov 01, 2022 at 06:24:50PM -0700, Owen DeLong via NANOG:

RPKI/ROA is a way to cryptographically prove what someone needs to

prepend if they want to hijack your addresses.


Operators should not be deterred by that comment.  Owen seems to be

ignoring

what it does achieve and that this is part of a larger system that is

still

emerging.  See IETF sidrops wg.  In the interim, do your part to improve
DFZ hygiene.

Owen

On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.public () gmail com>

wrote:


Hello,
I am new to RPKI/ROA and still learning about RPKI. From all my

reading on ARIN's documents I am not able to answer some of my questions.

We have a public ARIN block and advertise smaller subnets from that to

our ISP's. We do not have any RPKI configs.

We need to setup ROA's to take another subnet from the ARIN block to

AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI
service after which I can configure ROA's for the networks I am taking to
AWS.


My question is, will this impact my existing advertisements to my

ISP's. The current advertisements do not have ROA's.

Will having RPKI for my ARIN network, without ROA's for the existing

advertisements impact me?


Thanks for your help.

Ref:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
https://www.arin.net/resources/manage/rpki/roa_request/
https://www.arin.net/resources/manage/rpki/hosted/

Current thread:

Re: Understanding impact of RPKI and ROA on existing advertisements, (continued)
- Re: Understanding impact of RPKI and ROA on existing advertisements Alex Band (Nov 01)
  - Re: Understanding impact of RPKI and ROA on existing advertisements Jon Lewis (Nov 01)
    - Re: Understanding impact of RPKI and ROA on existing advertisements heasley (Nov 01)
    - Re: Understanding impact of RPKI and ROA on existing advertisements Samuel Jackson (Nov 01)
    - Re: Understanding impact of RPKI and ROA on existing advertisements Randy Bush (Nov 01)
    - Re: Understanding impact of RPKI and ROA on existing advertisements Josh Luthman (Nov 02)
- Re: Understanding impact of RPKI and ROA on existing advertisements Douglas Fischer (Nov 01)
- Re: Understanding impact of RPKI and ROA on existing advertisements Owen DeLong via NANOG (Nov 01)
  - Re: Understanding impact of RPKI and ROA on existing advertisements heasley (Nov 02)
    - Re: Understanding impact of RPKI and ROA on existing advertisements Owen DeLong via NANOG (Nov 02)
    - Re: Understanding impact of RPKI and ROA on existing advertisements jim deleskie (Nov 02)
- RE: Understanding impact of RPKI and ROA on existing advertisements Jakob Heitz (jheitz) via NANOG (Nov 03)
  - Re: Understanding impact of RPKI and ROA on existing advertisements Randy Bush (Nov 03)