Understanding impact of RPKI and ROA on existing advertisements

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Creating ROAs for *all* the announcements that are done with your prefixes, both on your own AS and the ones announced by AWS, is probably the best way forward from both a routing security and ease-of-management perspective.

-Alex

> On 28 Oct 2022, at 17:00, Samuel Jackson <bobin.public at gmail.com> wrote:
> 
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer some of my questions.
> We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs. 
> We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.
> 
> My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
> Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?
> 
> Thanks for your help.
> 
> Ref:
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html 
> https://www.arin.net/resources/manage/rpki/roa_request/ 
> https://www.arin.net/resources/manage/rpki/hosted/

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]