Hello.
I work for an ISP. I have historically been present at at least one
presentation by Randy Bush regarding BGP advertisment verification (which
I found to be very informative). I thought I'd read up on what the current
state of affairs are, so I started looking through the archives of this
WG, plus looking through the past few operator meeting agendas
(NANOG55-56), (RIPE64-65).
I found "ROVER: BGP Route Origin Verification using Reverse-DNS" at
NANOG55, "RPKI Propagation" by R. Bush at RIPE65.
Are there others I should read?
Reading the RIPE65 it worries me that this information seems to be created
by the RIRs. I have some insight in what it takes in the
operations/administration of gtld and cctld registrar/registry plus global
anycasted root name server infrastructure. I feel what we're talking about
here is the same thing, or even more important. If secure BGP verification
doesn't work, nothing will work. Root name and (cc|g)tld servers get all
the attention, but root name servers can be offline for a long duration of
time without seriously affecting the Internet as a whole. The RPKI
infrastructure needs to be done with same reisiliancy or better it seems.
So trusting SIDR-WG and others to do the protocol standardisation, what
needs to be done on the operational side to get this running at a level of
quality needed to be 99.999% available and correct, both from the RIR side
and documents telling ISPs what they need to do internally to make this
work properly?
--
Mikael Abrahamsson email: [email protected]
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
