Routing security is important and it is great to see that it is now on the agenda of many network operators. We're going to organise an RPKI signing party to further increase deployment.
Routing security is a hot topic within the Internet engineering community, as is evident from NLNOG meeting last September.
During the recent RIPE 77 meeting in Amsterdam, NLNOG initiated a gathering to share success stories and experiences about deploying RPKI as a routing security strategy. At that meeting nobody raised any concerns about the value of RPKI or its usefulness to operators' routing security. In fact, the only real question from attendees was "How do I get there?"
It was great to see engineers who already deployed RPKI and those who haven't come together. There were some interesting discussions and people offered to help each other and to continue discussions on optimising the technology further.
Highlights from the meeting
- Software developers from all RPKI validators were present and shared their roadmap. This gave some interesting perspective on where they are and what the outlook is.
- The Netherlands is leading in RPKI deployment, with many operators in the room indicating that they have already deployed and are actively rejecting invalid routes.
- Many people in the room indicated they are planning to deploy RPKI Origin Validation.
- KPN and Liberty Global (the two largest Dutch domestic access networks) indicated they are deploying or exploring how to deploy.
- Operators are helping each other by sharing configuration examples or customer trouble cases.
- The room indicated that they see few problems after having deployed, and nobody has backed out of the changes they have made!
Next steps
There is clearly a lot of momentum around RPKI deployment in the Netherlands. The question now is where do we go from here? We will continue to bring operators together to discuss ways to advance RPKI, and we hope you will be in a position to share your RPKI experience next time we have such an event.
Join us at the RPKI Signing Party!
In cooperation with the RIPE NCC and other organisations, we will organise an RPKI Signing Party / Hackathon early 2019. During the meeting, we would like to see five or six network operators implement RPKI in their live networks, from scratch, and to work with developers to develop validator-related code and/or work on integrations with, for example, popular monitoring systems.
We are very excited with the great results so far and it's positive to see routing security becoming a more prominent topic on the security agenda. There’s still a lot of work to do but with every step we take the Internet will become more secure and stable.
Comments 2
Comments are disabled on articles published more than a year ago. If you'd like to inform us of any issues, please reach out to us via the contact form here.
Carlos Friacas •
Thanks for this article! People need to start publishing their ROAs. It's simple. Just jump into your LIRPortal account. Go to "Resources", then "RPKI Dashboard" and then you can easily select routes and create your ROAs. This is the basic step that will bring value to RPKI, even if you only start doing Validation on your backbone for everyone else's routes at some point in the future. An RPKI Signing Party is a great idea. Maybe this could be ran online, over some videochat platform, on a monthly basis...
Hide replies
Melchior Aelmans •
Thanks for commenting Carlos! I couldn't agree more! I'll discuss your idea about a online version as well!