Tue, Nov 01, 2022 at 06:24:50PM -0700, Owen DeLong via NANOG: > RPKI/ROA is a way to cryptographically prove what someone needs to prepend if > they want to hijack your addresses.
Operators should not be deterred by that comment. Owen seems to be ignoring what it does achieve and that this is part of a larger system that is still emerging. See IETF sidrops wg. In the interim, do your part to improve DFZ hygiene. > Owen > > > > On Oct 28, 2022, at 08:00, Samuel Jackson <bobin.pub...@gmail.com> wrote: > > > > Hello, > > I am new to RPKI/ROA and still learning about RPKI. From all my reading on > > ARIN's documents I am not able to answer some of my questions. > > We have a public ARIN block and advertise smaller subnets from that to our > > ISP's. We do not have any RPKI configs. > > We need to setup ROA's to take another subnet from the ARIN block to AWS. > > Reading ARIN's docs, it seems I need to get setup on their Hosted RPKI > > service after which I can configure ROA's for the networks I am taking to > > AWS. > > > > My question is, will this impact my existing advertisements to my ISP's. > > The current advertisements do not have ROA's. > > Will having RPKI for my ARIN network, without ROA's for the existing > > advertisements impact me? > > > > Thanks for your help. > > > > Ref: > > https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html > > https://www.arin.net/resources/manage/rpki/roa_request/ > > https://www.arin.net/resources/manage/rpki/hosted/ >
