Congratulations, Job! You and NTT have been a voice for routing security and a source for useful tools and techniques for a very long time. The routing infrastructure is the better for your support.
(And after this expression of gratitude, here’s the ask: when do we get to hear the lessons-learned?) —Sandy > On Mar 25, 2020, at 9:09 PM, Job Snijders <[email protected]> wrote: > > Dear Routing WG, > > Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI > based BGP Origin Validation on virtually all EBGP sessions, both > customer and peering edge. This change positively impacts the Internet > routing system. > > The use of RPKI technology is a critical component in our efforts to > improve Internet routing stability and reduce the negative impact of > misconfigurations or malicious attacks. RPKI Invalid route announcements > are now rejected in NTT EBGP ingress policies. A nice side effect: > peerlock AS_PATH filters are incredibly effective when combined with > RPKI OV. > > For NTT, this is the result of a multiyear project, which included > outreach, education, collaboration with industry partners, and > production of open source software shared among colleagues in the > industry. > > Shout out to Louis & team (Cloudflare) for the open source GoRTR > software and the OpenBSD project for rpki-client(8). > > I hope some take this news as encouragement to consider RPKI OV > "invalid == reject"-policies as safe to deploy in their own BGP > environments too. :-) > > Kind regards, > > Job
