Financial services BGP hijack last week?

Christopher Morrow morrowc.lists at
Wed May 3 17:46:25 UTC 2017

On Wed, May 3, 2017 at 1:39 PM, Compton, Rich A <Rich.Compton at>

> The servers where the RPKI data is published (the Trust Anchor and the
> CAs) are referred to using a single URI, meaning that any

sure, but even with rrdp there's just one URI you'd follow, which
translates to some hostname + path.

> sort of geographic redundancy or failover has to be handled via external
> means (anycast, load balancing, etc.) but rsync isn’t well-suited for this
> sort of implementation.

why's that? it seems to work fine for many free software repositories, for
Yes, updates to that repository would have to be 'managed' but that's also
the case for rrdp, or any other 'more than one copy' solutions of publicly
available data, right?

does some of the lifting to sort out the 'how to get my updates to all the
copies of my repository'... it doesn't yet support RRDP, but it's not hard
to see where to stick that in the config/setup.

More information about the NANOG mailing list