ARIN and the RPKI (was Re: AltDB?)

• Previous message (by thread): ARIN and the RPKI (was Re: AltDB?)
• Next message (by thread): ARIN and the RPKI (was Re: AltDB?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> We need at least these things to exist:
>   o an accurate mapping of resource (netblock/asn) to
>     authorized-entity (RIR/NIR/LIR/Customer/...) 
>   o a system to manage this data for our routing equipment

see all the sidr documents in last call to go from i-ds to rfcs.  oh,
you co-chair sidr :)

>   o protocol enhancements that can be used to help propagate the
>     mapping information or at the least help a router programmaticly
>     understand if a resource is being used by the authorized entity

see draft-ietf-sidr-rpki-rtr-07

>   o routing software that can digest the enhanced data

in test.  rumors of going normal release from at least one vendor in q2

>   o routing hardware that won't crumple under the weight of (what
>     seems like) heavier weight routing protocol requirements

actually, the formal rpki-based origin-validation stuff is measured to
take *less* cpu, a lot less, than ACLs

> There is, of course, some risk with this model and we should take the
> time to accept/discuss that as well.

some guidance toward ameliorating the risks are in
<draft-ietf-sidr-rpki-origin-ops-00.txt>.

input from ops into all this stuff would be most welcome.

randy

• Previous message (by thread): ARIN and the RPKI (was Re: AltDB?)
• Next message (by thread): ARIN and the RPKI (was Re: AltDB?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]