Calgary Internet Exchange (YYCIX) deploys world's first ASPA-filtering Route Servers
job at sobornost.net
Thu Feb 2 18:57:09 UTC 2023
CALGARY, CA-AB, Feb. 2, 2023 - The Calgary Internet Exchange (YYCIX) is
thrilled to announce the deployment of the world's first ASPA-filtering
Route Servers on a public peering fabric. The YYCIX Route Servers drop
ASPA-invalid BGP routes in order to protect multilateral peers.
ASPA (Autonomous System Provider Authorization) is a free RPKI-based
technology for detection and mitigation of BGP route leaks. ASPA enables
holders of Autonomous System identifiers to securely authorize one or
more other Autonomous Systems as their upstream providers, in turn
enabling Relying Parties (ISPs and IXPs) to use this cryptographically
verifiable information to automatically stop improbable BGP paths from
spreading through the global Internet routing system.
ASPA complements other routing safety & security mechanisms: RPKI-ROV
helps guard against fat-finger keyboard input errors, BGPsec helps
establish strong assurances about BGP message authenticity & integrity,
and finally ASPA helps stop route leaks. The key to worry-free routing
operations will be to use all three in tandem.
The ASPA specification is in active development as a freely accessible
open standard through the collaborative Internet Engineering Task Force
(IETF) process. YYCIX volunteers took on a leading role as early
adopters (or 'lighthouse customer') to foster an environment in which
real-world feedback can be contributed to the OpenBGPD developers and
ASPA specification authors in the SIDROPS working group. Our hope is
that many vendors and operators will embrace ASPA in the years to come.
About YYCIX Internet Exchange Community Ltd
YYCIX is incorporated as a volunteer-driven tax-exempt non-profit
corporation in Canada's third-largest municipality. YYCIX provides
Alberta residents with direct access to local Internet content and helps
increase the transfer speed of Internet communications between Alberta
companies, friends, neighbors and family members. https://www.yycix.ca/
About OpenBGPD & Rpki-client
Rpki-client is an freely usable and secure implementation of the RPKI
for Relying Parties to facilitate validation of BGP announcements. The
program queries the global RPKI repository system, verifies all
cryptographic signatures, and outputs validated data in configuration
formats suitable for OpenBGPD and StayRTR. https://www.rpki-client.org/
OpenBGPD is a free implementation of the IETF's Border Gateway Protocol
suitable for ISPs and IXPs. OpenBGPD allows ordinary machines to be used
as routers or route servers exchanging routes with other systems.
ASPA-filtering in OpenBGPD was developed with support from the German
Ministry for Economic Affairs & Climate Action's Sovereign Tech Fund,
and the Route Server Support Foundation (RSSF - https://www.rssf.nl/)
OpenBGPD and rpki-client are part of the OpenBSD Project; and run on a
wide variety of operating systems such as Debian, Ubuntu, Alpine,
CentOS, Fedora, FreeBSD, Red Hat, and of course OpenBSD!
More information about the NANOG