Global Akamai Outage
mark at tinka.africa
Mon Jul 26 09:40:27 UTC 2021
On 7/26/21 07:25, Saku Ytti wrote:
> Doesn't matter. And I'm not trying to say RPKI is a bad thing. I like
> that we have good AS:origin mapping that is verifiable and machine
> readable, that part of the solution will be needed for many
> applications which intend to improve the Internet by some metric.
> And of course adding any complexity will have some rearing problems,
> particularly if the problem it attempts to address is infrequently
> occurring, so it would be naive not to expect an increased rate of
> outages while maturing it.
Yes, while RPKI fixes problems that genuinely occur infrequently, it's
intended to work very well for when those problems do occur, especially
the intentional hijacks, because when they do occur, it disrupts quite a
large part of the Internet, even if for a few minutes or couple of
hours. So from that standpoint, RPKI does add value.
Where I do agree with you is that we should restrain ourselves from
applying RPKI to use-cases that are non-core to its reasons for
existence, e.g., AS0.
I can count, on my hands, the number of RPKI-related outages that we
have experienced, and all of them have turned out to be a
misunderstanding of how ROA's work, either by customers or some other
network on the Internet. The good news is that all of those cases were
resolved within a few hours of notifying the affected party.
More information about the NANOG