Understanding impact of RPKI and ROA on existing advertisements

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RPKI/ROA is a way to cryptographically prove what someone needs to prepend if they want to hijack your addresses.

Owen


> On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.public at gmail.com> wrote:
> 
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on ARIN's documents I am not able to answer some of my questions.
> We have a public ARIN block and advertise smaller subnets from that to our ISP's. We do not have any RPKI configs. 
> We need to setup ROA's to take another subnet from the ARIN block to AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI service after which I can configure ROA's for the networks I am taking to AWS.
> 
> My question is, will this impact my existing advertisements to my ISP's. The current advertisements do not have ROA's.
> Will having RPKI for my ARIN network, without ROA's for the existing advertisements impact me?
> 
> Thanks for your help.
> 
> Ref:
> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html 
> https://www.arin.net/resources/manage/rpki/roa_request/ 
> https://www.arin.net/resources/manage/rpki/hosted/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221101/5fe8b36d/attachment.html>

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]