Understanding impact of RPKI and ROA on existing advertisements

Kevin Burke kburke at burlingtontelecom.com
Tue Nov 1 14:29:15 UTC 2022


You may want to set this up yourself anyways.  In the effort of making things work, your upstream ISP may have had to setup these records on your behalf.  If not now, they may in the future.  Having duplicate entries can cause unexpected results.

Kevin Burke
802-540-0979
Burlington Telecom
200 Church St, Burlington, VT

From: NANOG <nanog-bounces+kburke=burlingtontelecom.com at nanog.org> On Behalf Of Samuel Jackson
Sent: Friday, October 28, 2022 11:00 AM
To: nanog at nanog.org
Subject: Understanding impact of RPKI and ROA on existing advertisements

WARNING!! This message originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.
Hello,
I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer some of my questions.
We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs.
We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.

My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?

Thanks for your help.

Ref:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
https://www.arin.net/resources/manage/rpki/roa_request/
https://www.arin.net/resources/manage/rpki/hosted/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221101/097aa501/attachment.html>


More information about the NANOG mailing list