RPKI/ROA is a way to cryptographically prove what someone needs to prepend if
they want to hijack your addresses.
Owen
> On Oct 28, 2022, at 08:00, Samuel Jackson wrote:
>
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on
> ARIN's documents I am not able t
> Thanks everyone for your inputs. So bottomline setup RPKI and setup ROA's
> for all our subnets being advertised.
if the BGP advertisements are correct, then mirror them in ROAs. most,
if not all, CA UIs make that easy.
randy
Thanks everyone for your inputs. So bottomline setup RPKI and setup ROA's
for all our subnets being advertised.
Much of this is legacy and has too many unknowns, being handed down
networks without documentation also does not help.
Thanks,
Sam
On Tue, Nov 1, 2022 at 9:07 AM heasley wrote:
> Tue
Tue, Nov 01, 2022 at 12:01:46PM -0400, Jon Lewis:
> One danger with RPKI, is shooting yourself (or customers) in the foot by
> creating too general a ROA. i.e. Suppose you have an ARIN /20. You have
> a multihomed customer to whom you've assigned a /24 from your /20. You
> create a ROA for th
In general, you want to create suitable ROAs for the most specific routes
that will be advertised first.
Suppose you have a /20 from ARIN. You plan to take a /24 from that /20 to
AWS. From what you've said, all you need is a ROA for the /24 you're
taking to AWS, saying it can be originated b
If the route can exist on a FIB, can exist a ROA to that.
So, there is no reason to no create the ROAs.
Em ter., 1 de nov. de 2022 às 11:12, Samuel Jackson
escreveu:
> Hello,
> I am new to RPKI/ROA and still learning about RPKI. From all my reading on
> ARIN's documents I am not able to answer
NANOGers -
Important information - please note this change will affect how access to your
ARIN Online account and related administration of your number resources.
FYI,
/John
John Curran
President and CEO
American Registry for Internet Numbers
Begin forwarded message:
From: ARIN mailto:i...@a
Creating ROAs for *all* the announcements that are done with your prefixes,
both on your own AS and the ones announced by AWS, is probably the best way
forward from both a routing security and ease-of-management perspective.
-Alex
> On 28 Oct 2022, at 17:00, Samuel Jackson wrote:
>
> Hello,
>
You may want to set this up yourself anyways. In the effort of making things
work, your upstream ISP may have had to setup these records on your behalf. If
not now, they may in the future. Having duplicate entries can cause unexpected
results.
Kevin Burke
802-540-0979
Burlington Telecom
200
Hello,
I am new to RPKI/ROA and still learning about RPKI. From all my reading on
ARIN's documents I am not able to answer some of my questions.
We have a public ARIN block and advertise smaller subnets from that to our
ISP's. We do not have any RPKI configs.
We need to setup ROA's to take another
Dear network operators, I hope this email finds you well.
I am a first-year graduate student and I have been working on a survey for
network configuration intent.I will be much appreciated if you could spare some
time to answer my following questions.
1.For BGP communities, I have referred
11 matches
Mail list logo
