Understanding impact of RPKI and ROA on existing advertisements
Owen DeLong
owen at delong.com
Wed Nov 2 01:24:50 UTC 2022
RPKI/ROA is a way to cryptographically prove what someone needs to prepend if they want to hijack your addresses.
Owen
> On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.public at gmail.com> wrote:
>
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer some of my questions.
> We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs.
> We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.
>
> My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
> Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?
>
> Thanks for your help.
>
> Ref:
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
> https://www.arin.net/resources/manage/rpki/roa_request/
> https://www.arin.net/resources/manage/rpki/hosted/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221101/5fe8b36d/attachment.html>
More information about the NANOG
mailing list