Cogent x RPKI

Rubens Kuhl rubensk at gmail.com
Mon Aug 9 12:24:56 UTC 2021


> >> Someone that poses as a Tier-1 and doesn't even plan to sign their
> >> announcements ? How much more depeering will make them reconsider ?
>
> Please keep in mind that sound technical, administrative, or financial
> reasons can exist that hamper one's ability to create RPKI ROAs.
>
> For example, if the IP space is LEGACY, and not covered by a 'LRSA'
> (ARIN) or 'Legacy Agreement' (RIPE), then RPKI certificate issuance
> services simply are not available for that IP space. Without an
> agreement with a RIR to arrange RPKI services, logically, one cannot
> create ROAs.

In the case at hand, the IP block is not legacy, it was an ARIN
allocation from the start. Cogent does have a number of legacy blocks
but AFAIK they wouldn't need to bring them to an LRSA in order to
issue ROAs for the non-legacy blocks.

>
> Perhaps in your case, if RPKI is a requirement, you are better off
> bringing your own (RPKI capable) IP space?

With IPv4 depleted at most RIRs, getting someone's own IPv4 space is
not happening anytime soon.


Rubens


More information about the NANOG mailing list