War Story: RPKI is Working as Intended
• 8 min read
Three weeks ago, Fastly was the target of a BGP hijack similar to a far more widely-reported incident that happened back in 2008. But this time, barely anyone noticed. Why is that?
Based in Amsterdam, Netherlands
Articles
Likes on articles
Job Snijders is an Internet Engineer, he analyzes and architects global networks for future growth. Job has been actively involved in the Internet community in both operational, engineering, and architectural capacity, as a frequent presenter at network operator events such as NANOG, ITNOG, DKNOG, RIPE, NLNOG & APRICOT, and in a number of community projects for almost 20 years. Job is co-chair of the IETF GROW & SSHM working groups, director of the Route Server Support Foundation, and developer for the OpenBSD project. Job has designed and implemented important extensions to BGP, RRDP, and RPKI. Job's special interests are BGP routing policies, RPKI based routing security, and large Internet scale PKIX-RPKI & BGP deployments. Job helps maintain several software projects such as rpki-client, StayRTR, & bgpq4, and is active in the IETF where he have coauthored and contributed to numerous Internet-Drafts and RFCs. Job has experience with the implementation and operation of RPKI Certificate Authorities, Publication Servers, and Relying Parties.
Website: https://sobornost.net/~job
• 8 min read
Three weeks ago, Fastly was the target of a BGP hijack similar to a far more widely-reported incident that happened back in 2008. But this time, barely anyone noticed. Why is that?
• 7 min read
Happy new year everyone! Having just closed chapter 2023 - let's look back at the previous year. In this article, I'll share some RPKI statistics, summarise highlights from the IETF standards development process, and reflect on emerging trends.
• 13 min read
Tricks to help reduce bandwidth and CPU cycles for both RPKI Publication Point servers and RPKI validators when switching between RRDP and RSYNC transports, as implemented in rpki-client.
• 2 min read
Here is a plea to keep Internet services on in these times where we rely on online communications.
• 3 min read
On Sunday, 17 February 2019, 51 representatives from 37 organisations came together in Cloudflare's San Francisco offices for a roundtable discussion. The aim was to discuss operational aspects of RPKI deployment. RPKI technology is nowadays seen as the best way forward to secure the Internet's rou…
• 1 min read
RFC 8195 presents examples and inspiration for the operational application of BGP Large Communities.
• 4 min read
"External BGP (EBGP) Route Propagation Behavior without Policies” was published as RFC 8112 . What does this mean for network operators and vendors?
• 6 min read
Over the past few years, many new local Network Operator Groups (NOGs) have been set up, each of them defined by their own unique characteristics. We wanted to share some of our experiences from setting up the Netherlands Network Operator Group (NLNOG).
Showing 8 article(s)
You mention fantastic open source projects, I’ve worked with all of them and even contributed code to some. But note that not all of them have the functionality required to operate as a route server, or a need for external funding. The fact that numerous IXPs (DE-CIX, Netnod, AMS-IX, BCIX, LONAP, Asteroid, Namex, University of Oslo) helped fund this project together with the RIPE NCC community fund shows that the market disagrees with your sentiment. Clearly a number of people saw a need for this software!
“I'm a bit confused. Bert Hubert, shareholder of Open-Xchange, the parent company of PowerDNS is fed up with PowerDNS behavior around EDNS workarounds removal. Why is this not solved within Open-Xchange?”
I think you may misunderstand. Bert, PowerDNS, and various other Open Source projects are fed up with having to maintain workarounds for some poorly constructed EDNS implementations. As a result, this is being resolved, by removing those workarounds: https://blog.powerdns.com/2018/03/22/removing-edns-workarounds/
Showing 2 comment(s)