War Story: RPKI is Working as Intended
• 8 min read
Three weeks ago, Fastly was the target of a BGP hijack similar to a far more widely-reported incident that happened back in 2008. But this time, barely anyone noticed. Why is that?
Based in Amsterdam, Netherlands
Articles
Likes on articles
Job Snijders is an Internet Engineer at Fastly where he analyzes and architects global networks for future growth. Job has been actively involved in the Internet community in both operational, engineering, and architectural capacity, as a frequent presenter at network operator events such as NANOG, ITNOG, DKNOG, RIPE, NLNOG & APRICOT, and in a number of community projects for over 15 years. Job is co-chair of the IETF GROW & SSHM working groups, director of the Route Server Support Foundation, and developer for the OpenBSD project. Job's special interests are BGP routing policies, RPKI based routing security, and large Internet scale PKIX-RPKI & BGP deployments. Job helps maintain several software projects such as rpki-client, StayRTR, & bgpq4, and is active in the IETF where he have coauthored and contributed to numerous Internet-Drafts and RFCs. Job has experience with the implementation and operation of RPKI Certificate Authorities, Publication Servers, and Relying Parties.
You mention fantastic open source projects, I’ve worked with all of them and even contributed code to some. But note that not all of them have the functionality required to operate as a route server, or a need for external funding. The fact that numerous IXPs (DE-CIX, Netnod, AMS-IX, BCIX, LONAP, Asteroid, Namex, University of Oslo) helped fund this project together with the RIPE NCC community fund shows that the market disagrees with your sentiment. Clearly a number of people saw a need for this software!
“I'm a bit confused. Bert Hubert, shareholder of Open-Xchange, the parent company of PowerDNS is fed up with PowerDNS behavior around EDNS workarounds removal. Why is this not solved within Open-Xchange?”
I think you may misunderstand. Bert, PowerDNS, and various other Open Source projects are fed up with having to maintain workarounds for some poorly constructed EDNS implementations. As a result, this is being resolved, by removing those workarounds: https://blog.powerdns.com/2018/03/22/removing-edns-workarounds/
Showing 2 comment(s)