Hello Christopher, Thanks for doing this work!
I would like to take this opportunity to mention the NRO RPKI program (https://www.nro.net/technical-coordination/security/certification/#rpki_program), which has the purpose of “providing a more consistent and uniformly secure, resilient and reliable RPKI service”. If as part of this work, you or your collaborators identify any areas that could benefit from better coordination and collaboration across the RIRs, please feel free to reach out to me. In terms of the content you are gathering which I think will be very useful for the technical community, I have compiled some resources on how to create ROAs through the RIRs which I think could be useful. Please see below. A small comment from me: To avoid duplication and unnecessary overhead, I would like to suggest using references to existing materials when possible. Warm regards, Sofía -- I am sending this email at a time that suits me and the time zone I work in. Please feel free to read, and act on or respond, at a time that suits you. ____________________________________________________________________ Sofía Silva Berenguer RPKI Program Manager, NRO / Process and Productivity Engineer, APNIC e: [email protected]<mailto:[email protected]> ____________________________________________________________________ Afrinic: * https://afrinic.net/support/rpki * https://www.youtube.com/watch?v=pJsdixPdFi0 APNIC: * https://www.apnic.net/wp-content/uploads/2017/12/ROUTE_MANAGEMENT_GUIDE.pdf * https://academy-training-wiki-media.storage.googleapis.com/_media/securing_internet_routing_2020505.pdf * https://blog.apnic.net/2019/09/11/how-to-creating-rpki-roas-in-myapnic/ ARIN: * https://www.arin.net/resources/manage/rpki/hosted/ LACNIC: * https://www.lacnic.net/5414/1/lacnic/network-security-with-rpki RIPE NCC: * https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/resource-certification-roa-management/ From: Christopher Hawker <[email protected]> Date: Monday, 29 July 2024 at 12:04 AM To: [email protected] <[email protected]> Subject: [apnic-talk] A single place for information relating to the deployment and usage of RPKI Hello All, When it comes to RPKI, its deployment and usage, there is a fair bit of information available on the Internet. Each RIR has their own guides for creating ROAs, each router vendor and developer has their own guides for deploying route object validation on their devices and software, each Relying Party software developer has their own how-to guide on installing/configuring/maintaining the software, among others. What I haven’t been able to find thus far is a place where all of this information is altogether, in one place, for simplicity and ease of comparison to find the best solution for a network operator’s needs. This is where the RPKI Deployment Hub comes in. The RPKI Deployment Hub is the start of a documentation site that is designed to compile all of this information in one place. For new network operators this may prove to be an invaluable tool to find the best method of operating their own RP software, for students this may be a source of information to help further their studies, or for long-standing network operators it may be a resource for them to keep up-to-date with the latest methods. It is presently being hosted on GitHub pages, where each commit to the underlying repository updating the site live. The site itself is located at https://rpkihub.au<https://rpkihub.au/>, with the GitHub repository located at https://github.com/thesysadmindev/rpkihub. Unfortunately, I can only do so much, and this is where I need to ask for contributors to help work on this site. As we all know, there are a large number of router vendors on the market, each with their own way of implementing RPKI. Cisco, Juniper, MikroTik, Nokia, Arista, and the like all do things differently. It would be a wonderful world if they all worked the exact same way with the same commands. It’d make life a lot easier for us. What I’m calling out to the community for, is for assistance with building this site as it is impossible for me to look at every major hardware vendor and model. We need information such as router configurations relating to RPKI and the commands used, along with the vendor names, hardware models and software versions. The idea to this is that people can look at a guide, find their router model and it’ll tell them how to configure route object validation. As for creating ROAs, it’ll tell them how to do so with their respective RIRs. I understand that the best source of information for this is from the RIR itself and will always be the case; this is simply designed to provide everything in one central location. If there are any members from the other four RIRs (as I have already put together a guide for creating ROAs within MyAPNIC) who are willing to work with me to develop a guide with screenshots it would be greatly appreciated It could even be as simple as sending me an email with the steps listed and a few screenshot attachments and I can work on creating the guide otherwise you’re welcome to submit a pull request on the repository. I would also like to hear about people’s experiences with deploying RPKI across their networks, why you chose to and for those who haven’t or won’t, why that is the case. This sort of information would be valuable to help shape the site. If you would like to contribute to this project, you can do so via any number of ways: 1. Open a pull request against the repository on GitHub. 2. Click on the “Edit This Page” button on any page on the site to take you straight to its source on GitHub where you can make changes and open a PR directly from the GitHub site. 3. Send me an email to [email protected]<mailto:[email protected]>. 4. Drop me a direct message on Discord (Username: thesysadmin). The site itself is licensed under GPLv3, so feel free to tear it apart, share it and work together. If you also have any other recommendations as to how it can be improved or if you feel there is anything missing, do let me know. Regards, Christopher Hawker
_______________________________________________ APNIC-talk - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
