Smartcom Telephone is the only provider in South Texas to implement RPKI. Resource Public Key Infrastructure (RPKI) is a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number. RPKI is defined in RFC 6480 (An Infrastructure to Support Secure Internet Routing). Cloudflare commits to RPKI.

Because any route can be originated and announced by any random network, independent of its rights to announce that route, there needs to be an out-of-band method to help BGP manage which network can announce which route. That system exists today. It’s part of the IRR (Internet Routing Registry) system. Many registries exist: some are run by networks, some by RIRs (Regional Internet Registries), and the largest of the IRRs is Merit’s RADB service. This service provides a collective method that allows one network to filter another network’s routes.

RPKI comes into the picture because the existing IRR system lacks any form of cryptographic signing for its data. In fact, today the IRR databases contain plenty of invalid data. There’s very little control over the creation of invalid data. Implementing RPKI is just the first step in better BGP route security because RPKI only secures the route origin; it doesn’t secure the path.
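The origin check described above, as an added example (not Smartcom's or Cloudflare's code): it applies the matching rules of RFC 6811 (BGP Prefix Origin Validation) to a constructed list of validated ROA payloads. The prefixes and AS numbers are documentation values, and the function and variable names are assumptions of this sketch.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: who may originate a prefix, and how specific."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample data: documentation prefixes and documentation ASNs.
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("2001:db8::/32", 48, 64496),
]

def validate_origin(prefix, as_path, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    as_path is assumed to be a plain list of ASNs, origin last.
    """
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]          # only the originating AS is consulted
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue              # this VRP does not cover the route
        covered = True
        # A match needs the right origin AND a prefix no longer than maxLength.
        # AS 0 in a VRP never matches any origin.
        if vrp.asn != 0 and vrp.asn == origin and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: reject-worthy.
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    samples = [
        ("192.0.2.0/24", [64500, 64496]),         # authorised origin
        ("192.0.2.0/24", [64500, 64511]),         # wrong origin AS
        ("192.0.2.0/25", [64500, 64496]),         # more specific than maxLength
        ("198.51.100.0/24", [64500, 64497]),      # no ROA covers this prefix
        ("192.0.2.0/24", [64500, 64511, 64496]),  # path ahead of origin unchecked
    ]
    for pfx, path in samples:
        print(f"{pfx:18} path={path} -> {validate_origin(pfx, path)}")
```

The last sample returns the same result as the first because nothing ahead of the origin AS is examined, which is the sense in which RPKI secures the origin and not the path.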