Financial services BGP hijack last week?

Christopher Morrow morrowc.lists at gmail.com
Wed May 3 17:46:25 UTC 2017


On Wed, May 3, 2017 at 1:39 PM, Compton, Rich A <Rich.Compton at charter.com>
wrote:

> The servers where the RPKI data is published (the Trust Anchor and the
> CAs) are referred to using a single URI, meaning that any
>

sure, but even with rrdp there's just one URI you'd follow, which
translates to some hostname + path.


> sort of geographic redundancy or failover has to be handled via external
> means (anycast, load balancing, etc.) but rsync isn’t well-suited for this
> sort of implementation.
>

why's that? it seems to work fine for many free software repositories, for
instance.
Yes, updates to that repository would have to be 'managed' but that's also
the case for rrdp, or any other 'more than one copy' solution of publicly
available data, right?

https://github.com/google/rpki-mgmt/

does some of the lifting to sort out the 'how to get my updates to all the
copies of my repository'... it doesn't yet support RRDP, but it's not hard
to see where to stick that in the config/setup.


More information about the NANOG mailing list