[routing-wg] Annoucing supernets in BGP?

Wed Sep 12 21:50:51 CEST 2012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Alex,

On 11.09.2012 21:47, Alex Band wrote:
> Hi Michael,
> 
> On 11 Sep 2012, at 20:09, Michael Markstaller <mm at elabnet.de>
> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> 
>>> I see three ways: 1) RPKI 2) RPKI 3) RPKI
>> 
>> I fully agree! But I ask: where is it used?
> 
> In total, well over a thousand LIRs in the RIPE region have set up
> RPKI. Together they created ROAs to cover about four /8s worth of
> IPv4 address space: 
> http://certification-stats.ripe.net/?type=roa-v4u
> 
>> Obviously nowhere at Tier1/2, otherwise we wouldn't see such a
>> big mess like 80/5 in BGP.. Is it up to me, a XS-provider to
>> start with - while its globally ignored?
> 
> Out of the 100 largest LIRs, roughly half has got RPKI enabled, but
> many of these parties are careful when implementing new technology.
>  There is a lot of testing going on that you can't see on the
> public Internet, just like LIRs who hold an IPv6 allocation that
> they don't announce (yet). However, if you point your RPKI
> Validator at prefixes like 91.0.0.0/10, 82.240.0.0/12 or
> 84.96.0.0/13, you'll see that it's not all bad news.
> 
> The big question is when operators will actually start using RPKI
> Origin Validation in their BGP decision making workflows. It's a
> complicated question to answer, with many factors involved.

Thanks for the detailed insights!
I will consider implementing RPKI for our resources ASAP.
(Though in this case it wouldn't have helped me)
I see the clear advantages this has over "just guessing" wether an
annoucement might be right or wrong - but there are also some risks
due to possible misconfiguration if it's only used by a minority..

Well, as you stated: it's complicated but I'm willing to adopt new and
reasonable things like this.

best regards

Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBQ55sACgkQaWRHV2kMuAJRXACfVCVD/oTPvNHgim228btUkwTQ
kvgAnjYAcmif439HdLcdQJO96NvDqukS
=Rwcp
-----END PGP SIGNATURE-----