Are you ready for RPKI in your BGP?

Arturo_Servin · December 9, 2010, 11:16am

There are some pieces in the RPKI puzzle.

One is the definitions of protocols, that one is very advanced in the SIDR WG in the IETF. Not RFCs yet but I am sure we will se some soon.

Another piece are repositories of CA's and ROAs and Trust Anchors. RIRs have they implementations or you could create your own if you want to keep your private keys.

IMHO one piece missing (not the only one, but one important in this stage) is RTR (RPKI/Router Protocol) working in routers. May be is too soon to see it in production routers but I am only aware of one big vendor with testing code. Also open-source implementations (Quagga, Xorp, Bird, etc.) are not actively (or at all) working in RPKI, I would imagine that one first step for many operators is to test RPKI with these implementations.

Regards,
-as

Bandy_Rush1 · December 9, 2010, 12:54pm

IMHO one piece missing (not the only one, but one important in this
stage) is RTR (RPKI/Router Protocol) working in routers.

i have been running test versions on ios xr on a gsr and ios classic on
a 7200 for a while now.

I am only aware of one big vendor with testing code.

see your sales team

Also open-source implementations (Quagga, Xorp, Bird, etc.) are not
actively (or at all) working in RPKI

first a nit. i would like to differentiate the RPKI, a certificate and
routing infrastructure, from route origin validation. this is needed
because there may be other uses of the RPKI.

seondly, i believe NIST has a quagga hacked to do origin validation
based on rpki-rtr protocol.

randy