So in the ARIN world, Krill only works with "delegated" RPKI, not "hosted" RPKI 
- do I understand that correctly?

If so, are there any plans to allow Krill's analytics and rules to monitor ARIN 
Hosted RPKI ROAs?


Adam Thompson
Consultant, Infrastructure Services
100 - 135 Innovation Drive
Winnipeg, MB, R3T 6A8
(204) 977-6824 or 1-800-430-6404 (MB only)<><>

From: NANOG <> on behalf of Alex 
Band <>
Sent: Thursday, June 25, 2020 8:31:52 AM
To: Nanog
Subject: Ensuring RPKI ROAs match your routing intent

Hi everyone,

Over the last two years NLnet Labs has been working on free, open source RPKI 
software and research for the community, supported by the RIPE NCC Community 
Projects Fund, Brazilian NIR and Asia Pacific RIR APNIC. I have an 
update that we’d like to share.

When creating a ROA in RPKI, it can have an effect on one or more BGP 
announcements, making them either Valid, Invalid or NotFound. Understanding 
what exactly determines these three states is not immediately obvious, 
especially in the beginning.

At times, this can make creating ROAs a bit of a shot in the dark. I’ve seen 
several examples in the past where an operator created a ROA in their RIR 
Portal, waited for it to be published and then checked in services like BGPMon 
or the HE BGP Toolkit to see if everything turned out as expected.

This is why, during my time at the RIPE NCC, we put a lot of work into making 
it immediately obvious what the effect of a ROA is going to be on the BGP 
announcements with your address space. Several RIRs have followed in these 
footsteps since.

I presented on this journey at NANOG 63 in 2015:

Now, in my new adventure at NLnet Labs, we’ve gotten the same team together to 
make simple, intuitive ROA management for Delegated RPKI available for 
everyone, seamlessly across RIR regions.

With Krill 0.7.1 ‘Sobremesa’ you can easily create and maintain ROAs in a user 
interface that incorporates all of the best practices and lessons learned over 
the last 10 years and monitor them in ways never before possible, such as 
through Prometheus.

Blog post with details:

All the best,


Reply via email to