ARIN and the RPKI (was Re: AltDB?)
Randy Bush
randy at psg.com
Thu Jan 6 04:16:27 UTC 2011

> We need at least these things to exist:
> o an accurate mapping of resource (netblock/asn) to
> authorized-entity (RIR/NIR/LIR/Customer/...)
> o a system to manage this data for our routing equipment

see all the sidr documents in last call to go from i-ds to rfcs. oh,
you co-chair sidr :)

> o protocol enhancements that can be used to help propagate the
> mapping information or at the least help a router programmatically
> understand if a resource is being used by the authorized entity

see draft-ietf-sidr-rpki-rtr-07

> o routing software that can digest the enhanced data

in test. rumors of going normal release from at least one vendor in q2

> o routing hardware that won't crumple under the weight of (what
> seems like) heavier weight routing protocol requirements

actually, the formal rpki-based origin-validation stuff is measured to
take *less* cpu, a lot less, than ACLs

> There is, of course, some risk with this model and we should take the
> time to accept/discuss that as well.

some guidance toward ameliorating the risks is in
<draft-ietf-sidr-rpki-origin-ops-00.txt>.

input from ops into all this stuff would be most welcome.

randy