"Is BGP safe yet?" test

Mark Tinka mark.tinka at seacom.mu
Mon Apr 20 16:39:47 UTC 2020


On 20/Apr/20 18:24, Tom Beecher wrote:
> Technical people need to make the business case to management for RPKI
> by laying out what it would cost to implement (equipment, resources,
> ongoing opex), and what the savings are to the company from protecting
> themselves against hijacks. By taking this step, I believe RPKI will
> become viewed by non-technical decision makers as a 'Cloudflare
> initiative' instead of a 'good of the internet' initiative, especially
> by some companies who compete with Cloudflare in the CDN space.
>
> I believe that will change the calculus and make it a more difficult
> sell for technical people to get resources approved to make it happen.

I'm not sure I'd go that far, but I do see your point.

Nowadays, if you are running a half-decent router vendor, chances are
any upgrades you are doing for normal things (adding capacity, moving
from Gig-E to 10Gbps, or from 10Gbps to 100Gbps) will bring RPKI along
for the ride by default.

We've seen that validators are free, and work very well.

Your ongoing RIR membership will get you access to getting your ROAs
signed, so you don't need to pay extra for that.

So while I can see how an article like this could make life interesting
within your business, I don't think much of it will hinge on "the cost
of implementing RPKI in terms of $$".

My company, for example, only found out we run RPKI because of the April
1, 2019 activation article that we and Workonline published. And we'd
been testing and running RPKI since 2014 - and only because we had a
total network refresh to get rid of some clunky Cisco XR 12000 routers
(which probably support RPKI if you don't run IOS classic, hehe).

Mark.


