[proj-bgp] adding graphs for actually unreachable RPKI INVALID prefixes to RPKI Monitor?

Montgomery, Douglas (Fed) dougm at nist.gov
Tue Sep 18 14:47:40 UTC 2018


Michel,

First, thanks for your continued support as a taxpayer.

Second, in general our mission is limited to supporting the development and promulgation of consensus standards and the development of test / measurement methods and guidance to accelerate their adoption.   In particular we are not well positioned to provide operational Internet services of the nature you describe.

Of course what you describe would not be hard to do if some commercial or other organization wished to do so .... with the following caveats:

1.  You should follow the discussion of draft-ietf-sidrops-validating-bgp-speaker which proposed standardizing an approach to doing what you suggest.  Many on this thread think that it is a counterproductive idea to do this.  See discussion starting here:

https://mailarchive.ietf.org/arch/msg/sidrops/6lDz5dI-jg-OhpGR4xKRZ6lYZRA

2. There are some legal issues regarding the redistribution of machine readable RPKI data/results to third parties.  See below section 5 Prohibited Conduct:

https://www.arin.net/resources/rpki/rpa.pdf


What we can do is continue to contribute to the development of standards, produce prototypes and test and measurement tools and publish deployment guidance to help foster adoption.  For example see the following draft publication:
https://www.nccoe.nist.gov/projects/building-blocks/secure-inter-domain-routing

You mention other suggestions of how we can improve test and measurement services.  We welcome all input on that.  Maybe contact me off list and we can discuss the other ideas.


Thanks,
dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST
 

On 9/17/18, 11:04 PM, "Michel Py" <michel.py at tsisemi.com> wrote:

    Doug,
    
    > Montgomery, Douglas wrote :
    > The new monitor has significant additions in the areas of diagnostics, and highlights issues of
    > interest such as path / customer cone analysis of prefixes that cover invalid originations.
    
    Thanks for all the work. More visibility will help. I have made some private suggestions to how you could enhance the service, and I would add one :
    provide a BGP feed available to the public with invalid RPKI prefixes with a distinct BGP community describing why the prefix is invalid.
    
    We are in an impossible situation where ISPs don't want to discard invalid RPKI prefixes because they can't deal with the customer backlash of doing it; nothing to gain, money to lose. Money wins.
    
    There is another side of this coin, though : you are a government employee. I pay you.
    As a taxpayer, I think the US government should provide a better service to US companies with the RPKI collected data. Analysis without action is interesting, but not always federal funding.
    
    Best regards,
    
    Michel.
    
    



More information about the NANOG mailing list