Hi Adam, > On 25 Jun 2020, at 16:55, Adam Thompson <[email protected]> wrote: > > So in the ARIN world, Krill only works with "delegated" RPKI, not "hosted" > RPKI - do I understand that correctly?
Krill is RPKI Certificate Authority software to run Delegated RPKI under one or multiple RIRs simultaneously. It’s an all-in choice, so you would choose Delegated instead of Hosted. > If so, are there any plans to allow Krill's analytics and rules to monitor > ARIN Hosted RPKI ROAs? That’s not possible, as Krill can only monitor its own ROAs and not ones that are published elsewhere. Perhaps BGP Alerter is a solution for you: https://github.com/nttgin/BGPalerter Cheers, Alex > -Adam > > Adam Thompson > Consultant, Infrastructure Services > > 100 - 135 Innovation Drive > Winnipeg, MB, R3T 6A8 > (204) 977-6824 or 1-800-430-6404 (MB only) > [email protected] > www.merlin.mb.ca > > From: NANOG <[email protected]> on behalf of > Alex Band <[email protected]> > Sent: Thursday, June 25, 2020 8:31:52 AM > To: Nanog > Subject: Ensuring RPKI ROAs match your routing intent > > Hi everyone, > > Over the last two years NLnet Labs has been working on free, open source RPKI > software and research for the community, supported by the RIPE NCC Community > Projects Fund, Brazilian NIR NIC.br and Asia Pacific RIR APNIC. I have an > update that we’d like to share. > > When creating a ROA in RPKI, it can have an effect on one or more BGP > announcements, making them either Valid, Invalid or NotFound. Understanding > what exactly determines these three states is not immediately obvious, > especially in the beginning. > > At times, this can make creating ROAs a bit of a shot in the dark. I’ve seen > several examples in the past where an operator created a ROA in their RIR > Portal, waited for it to be published and then checked in services like > BGPMon or the HE BGP Toolkit to see if everything turned out as expected. > > This is why, during my time at the RIPE NCC, we put a lot of work into making > it immediately obvious what the effect of a ROA is going to be on the BGP > announcements with your address space. Several RIRs have followed in these > footsteps since. > > I presented on this journey at NANOG 63 in 2015: > https://archive.nanog.org/meetings/abstract?id=2500 > > Now, in my new adventure at NLnet Labs, we’ve gotten the same team together > to make simple, intuitive ROA management for Delegated RPKI available for > everyone, seamlessly across RIR regions. > > With Krill 0.7.1 ‘Sobremesa’ you can easily create and maintain ROAs in a > user interface that incorporates all of the best practices and lessons > learned over the last 10 years and monitor them in ways never before > possible, such as through Prometheus. > > Blog post with details: > http://link.medium.com/1SsTJSAvB7 > > All the best, > > Alex
