Understanding impact of RPKI and ROA on existing advertisements

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I dont think ive every agreed with Owen this much, maybe this is the first
sign the wording is ending further proving his statement :)

On Wed, Nov 2, 2022 at 10:30 PM Owen DeLong via NANOG <nanog at nanog.org>
wrote:

> Oh, I’m not ignoring it, I’m just rather underwhelmed by it and given how
> long it took SIDRWG to get RPKI this far,
> not optimistic about any of the rest of the system getting deployed prior
> to IPv6 ubiquity or the end of my time on
> this planet, or even before we manage to destroy the planet, whichever
> comes first.
>
> Owen
>
>
> > On Nov 2, 2022, at 08:30, heasley <heas at shrubbery.net> wrote:
> >
> > Tue, Nov 01, 2022 at 06:24:50PM -0700, Owen DeLong via NANOG:
> >> RPKI/ROA is a way to cryptographically prove what someone needs to
> prepend if they want to hijack your addresses.
> >
> > Operators should not be deterred by that comment.  Owen seems to be
> ignoring
> > what it does achieve and that this is part of a larger system that is
> still
> > emerging.  See IETF sidrops wg.  In the interim, do your part to improve
> > DFZ hygiene.
> >
> >> Owen
> >>
> >>
> >>> On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.public at gmail.com>
> wrote:
> >>>
> >>> Hello,
> >>> I am new to RPKI/ROA and still learning about RPKI. From all my
> reading on ARIN's documents I am not able to answer some of my questions.
> >>> We have a public ARIN block and advertise smaller subnets from that to
> our ISP's. We do not have any RPKI configs.
> >>> We need to setup ROA's to take another subnet from the ARIN block to
> AWS. Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI
> service after which I can configure ROA's for the networks I am taking to
> AWS.
> >>>
> >>> My question is, will this impact my existing advertisements to my
> ISP's. The current advertisements do not have ROA's.
> >>> Will having RPKI for my ARIN network, without ROA's for the existing
> advertisements impact me?
> >>>
> >>> Thanks for your help.
> >>>
> >>> Ref:
> >>> https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html
> >>> https://www.arin.net/resources/manage/rpki/roa_request/
> >>> https://www.arin.net/resources/manage/rpki/hosted/
> >>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20221102/fe1c747d/attachment.html>

• Previous message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Next message (by thread): Understanding impact of RPKI and ROA on existing advertisements
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]