5 Dec 2014, 1:27 p.m.
rpki might work at scale. ohhh noooooooooo!
rtconfig + prefix lists were never going to work at scale, so rpsl based filters were mostly only ever deployed on asn edges rather than dfz core inter-as bgp sessions. This meant that the damage that a bad update might cause would be relatively limited in scope. RPSL's scaling limitations do not apply to rpki, so in theory the scope for causing connectivity problems is a good deal greater. So if e.g. ARIN went offline or signed some broken data which caused Joe's Basement ISP in Lawyerville to go offline globally, you can probably see why ARIN would want to limit its liability.
if it works, it is scary and must be stopped! and arin is doing such a great job of that.

randy