Hello,
Adam Thompson wrote:
My suggested direction to the AC and/or the board would therefore be:
Find something ARIN can do to help combat the problem (more
effectively).
This post is in reaction to "more effectively".
I'd like to please remind the community of the efforts ARIN and the RIRs
have already taken to help combat BGP hijacking over the last 20 years:
1) In 1999, Cengiz Alaettinoglu, Curtis Villamizar, Elise Gerich, David
Kessens, David Meyer, Tony Bates, Daniel Karrenberg, and Marten Terpstra
published RFC 2622, defining the spec for Routing Policy Specification
Language (RPSL) which was intended to be used in RIPE DB and other routing
arbiters (like RADB) to help network operators specify routing policy, and
help peers to accept prefixes authorized by these policies. I hope you
recognize all or most of those names, but if you don't, know that these
folks were part of an active and engaged RIR community who worked hard to
improve internet engineering.
2) More was needed, however, so thirteen years later, Matt Lepinski and
Stephen Kent authored RFC 6480, "An Infrastructure to Support Secure
Internet Routng" laying out the foundation of RPKI.
The RIRs have spent millions and millions of dollars developing a strong,
robust, and secure RPKI which the network operator community can entrust
to protect routes against rogue announcements. RIPE and others
have developed the necessary software to effectively deploy RPKI. RIR
outreach campaigns have been going on for years to get people to issue
ROAs
It's the spring of 2019 in the northern hemisphere, and we are seeing
exponential growth in the adoption of RPKI. Upwards of 150 ASes are now
believed to be validating incoming route origins against the RPKI. That's
double the number of ASes that were believed to be validating back in
December (72).
There's still work to be done (especially at ARIN with its unique
challenges). And while that work continues, I expect that over the next
12-24 months, we will start to see research produced that measures the
effectiveness of the RPKI efforts.
Conclusion: The RIRs have been working for more than 20 years on
contributions to improve and promote a secure routing infrastructure.
Millions of member dollars have been spent towards these efforts. Today,
RPKI + IRR is a very powerful solution for combating route hijacking.
Speaking solely for himself,
/david
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
