[routing-wg] Annoucing supernets in BGP?
Michael Markstaller mm at elabnet.de
Wed Sep 12 21:50:51 CEST 2012
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Alex, On 11.09.2012 21:47, Alex Band wrote: > Hi Michael, > > On 11 Sep 2012, at 20:09, Michael Markstaller <mm at elabnet.de> > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> >>> I see three ways: 1) RPKI 2) RPKI 3) RPKI >> >> I fully agree! But I ask: where is it used? > > In total, well over a thousand LIRs in the RIPE region have set up > RPKI. Together they created ROAs to cover about four /8s worth of > IPv4 address space: > http://certification-stats.ripe.net/?type=roa-v4u > >> Obviously nowhere at Tier1/2, otherwise we wouldn't see such a >> big mess like 80/5 in BGP.. Is it up to me, a XS-provider to >> start with - while its globally ignored? > > Out of the 100 largest LIRs, roughly half has got RPKI enabled, but > many of these parties are careful when implementing new technology. > There is a lot of testing going on that you can't see on the > public Internet, just like LIRs who hold an IPv6 allocation that > they don't announce (yet). However, if you point your RPKI > Validator at prefixes like 22.214.171.124/10, 126.96.36.199/12 or > 188.8.131.52/13, you'll see that it's not all bad news. > > The big question is when operators will actually start using RPKI > Origin Validation in their BGP decision making workflows. It's a > complicated question to answer, with many factors involved. Thanks for the detailed insights! I will consider implementing RPKI for our resources ASAP. (Though in this case it wouldn't have helped me) I see the clear advantages this has over "just guessing" wether an annoucement might be right or wrong - but there are also some risks due to possible misconfiguration if it's only used by a minority.. Well, as you stated: it's complicated but I'm willing to adopt new and reasonable things like this. best regards Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBQ55sACgkQaWRHV2kMuAJRXACfVCVD/oTPvNHgim228btUkwTQ kvgAnjYAcmif439HdLcdQJO96NvDqukS =Rwcp -----END PGP SIGNATURE-----