RPKI for dummies

Dovid Bender dovid at telecurve.com
Thu Aug 20 13:20:53 UTC 2020


Hi,

I am sorry for the n00b question. Can someone help point me in the right
direction to understand how RPKI works? I understand that from my side
I create a key, submit the public portion to ARIN and then send a signed
request to ARIN asking them to publish it. How do ISPs that receive my
advertisement (either directly from me, meaning my upstreams, or my
upstream's upstream) verify against the cert that the advertisement is
coming from me? If, say, we have
Medium ISP (AS1000) -> Large ISP (AS200)
in the above case AS200 knows it's peering with AS1000, so it will take all
advertisements. What's stopping AS1000 from adding a router to their
network to impersonate me, make it look like I am peering with them, and
then they re-advertise the path to Large ISP?

Again sorry for the n00b question, I am trying to make sense of how it
works.

TIA.

Dovid
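
Added example, not part of the original post: a sketch of the route origin validation procedure from RFC 6811, which is how a router receiving an advertisement compares it with the published ROAs. The prefixes, AS64500 and the function names are constructed for illustration; AS1000 is the upstream from the post, and the paths are as AS200 would receive them.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# 192.0.2.0/24 and AS64500 are documentation values standing in for the
# address holder; they do not come from the post.
VRPS = [
    (ipaddress.ip_network("192.0.2.0/24"), 24, 64500),
]


def origin_as(as_path):
    """Return the origin AS: the rightmost entry of AS_PATH.

    An AS_SET in that position (modelled here as a Python set) yields no
    usable origin, so no VRP can match it.
    """
    last = as_path[-1] if as_path else None
    return last if isinstance(last, int) else None


def validate(prefix, as_path, vrps=VRPS):
    """Classify a route as 'valid', 'invalid' or 'not-found' (RFC 6811).

    Only the prefix and the origin AS are compared with the VRPs; the
    other ASes in the path are not examined by this procedure.
    """
    route = ipaddress.ip_network(prefix)
    origin = origin_as(as_path)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        if route.version != vrp_prefix.version:
            continue
        if not route.subnet_of(vrp_prefix):
            continue
        covered = True  # at least one VRP covers this route
        # AS0 in a ROA never matches any route.
        if asn != 0 and asn == origin and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for prefix, path in [
        ("192.0.2.0/24", [1000, 64500]),    # holder's AS is the origin
        ("192.0.2.0/24", [1000]),           # AS1000 originates the prefix
        ("192.0.2.0/25", [1000, 64500]),    # longer than maxLength
        ("203.0.113.0/24", [1000, 64500]),  # no covering VRP
    ]:
        print(prefix, path, validate(prefix, path))
```

The first and third sample routes carry the same path and differ only in prefix length, which shows that the outcome is decided by the (prefix, origin AS) pair alone.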