Re: Are you ready for RPKI in your BGP?
There are some pieces in the RPKI puzzle. One is the definitions of protocols, that one is very advanced in the SIDR WG in the IETF. Not RFCs yet but I am sure we will see some soon.
Another piece are repositories of CA's and ROAs and Trust Anchors. RIRs have their implementations or you could create your own if you want to keep your private keys.
IMHO one piece missing (not the only one, but one important in this stage) is RTR (RPKI/Router Protocol) working in routers. Maybe it is too soon to see it in production routers but I am only aware of one big vendor with testing code. Also open-source implementations (Quagga, Xorp, Bird, etc.) are not actively (or at all) working in RPKI, I would imagine that one first step for many operators is to test RPKI with these implementations.
Regards,
-as
On 9 Dec 2010, at 06:37, nanog-request@nanog.org wrote:
Date: Wed, 8 Dec 2010 22:56:08 -0500
From: Jared Mauch <jared@puck.nether.net>
Subject: Are you ready for RPKI in your BGP?
To: North American Network Operators Group <nanog@nanog.org>
Message-ID: <15FF52BA-388A-48E8-BDDE-A151E694E9AC@puck.nether.net>
Content-Type: text/plain; charset=us-ascii
Are you ready for RPKI in your network?
While there's some dubious hyperbole in the article, the work that has been undertaken in SIDR wg re: RPKI is moving along.
For those of you preparing to assign 2011 goals to your employees, or something to self-assign, this should be in the top-5 or top-10 if you configure routers for BGP.
- Jared
IMHO one piece missing (not the only one, but one important in this stage) is RTR (RPKI/Router Protocol) working in routers.
i have been running test versions on ios xr on a gsr and ios classic on a 7200 for a while now.
I am only aware of one big vendor with testing code.
see your sales team
Also open-source implementations (Quagga, Xorp, Bird, etc.) are not actively (or at all) working in RPKI
first a nit. i would like to differentiate the RPKI, a certificate and routing infrastructure, from route origin validation. this is needed because there may be other uses of the RPKI.
secondly, i believe NIST has a quagga hacked to do origin validation based on rpki-rtr protocol.
randy
participants (2)
- Arturo Servin
- Randy Bush