Understanding impact of RPKI and ROA on existing advertisements
Alex Band
alex at nlnetlabs.nl
Tue Nov 1 14:38:47 UTC 2022
Creating ROAs for *all* the announcements that are done with your prefixes, both on your own AS and the ones announced by AWS, is probably the best way forward from both a routing security and ease-of-management perspective.
-Alex
> On 28 Oct 2022, at 17:00, Samuel Jackson <bobin.public at gmail.com> wrote:
>
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer some of my questions.
> We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs.
> We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.
>
> My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
> Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?
>
> Thanks for your help.
>
> Ref:
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
> https://www.arin.net/resources/manage/rpki/roa_request/
> https://www.arin.net/resources/manage/rpki/hosted/
More information about the NANOG
mailing list