[AusNOG] BGP rpki

Christopher Hawker email at chrishawker.com.au
Tue Sep 29 19:02:47 EST 2020

Hi Alex,

MikroTik’s RouterOS v7 apparently is supposed to support RPKI; however, as you know, MikroTik has been talking about v7 for years. The current beta version is severely broken to the point where it is surprising it made it to the beta stage.

From my understanding (and I’m sure I’ll be corrected if my knowledge is incorrect), RPKI is implemented independently of any upstream or downstream peers. If you only use Carrier A and you announce to them a prefix that has an invalid ROA, if they have RPKI configured they will drop that route, thus preventing access. The carrier can tell you that you need to have valid ROAs for your prefixes to be routable; however, implementing RPKI on your own network is independent of any carrier.

The status of RouterOS is causing me to consider using VyOS as an alternate solution.


> On 29 Sep 2020, at 6:47 pm, Alex Samad <alex at samad.com.au> wrote:
> Hi
> Wondering how prevalent RPKI is in transit providers in Oz. Just got an email from Exetel to say they are starting a rollout of it.
> Seems like my ROS routers don't have it; seems like they have been talking about it back in 2014, still waiting on that feature to be added.
> Curious if all of my transit providers are going to come knocking and asking for me to turn this on?
> Plus some quick googling seems to suggest it's currently flawed.
> Thanks
> Alex
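
The check a network running RPKI applies before dropping a route, sketched as an added example (not part of the original thread): RFC 6811 route origin validation, followed by a local import policy. The ROA data is constructed from documentation prefixes and documentation ASNs, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

class VRP(NamedTuple):
    """Validated ROA payload, as a validator would hand it to a router."""
    prefix: Network
    max_length: int
    asn: int

def vrp(prefix: str, max_length: int, asn: int) -> VRP:
    return VRP(ipaddress.ip_network(prefix), max_length, asn)

# Constructed sample data (documentation prefixes and ASNs).
VRPS = [
    vrp("192.0.2.0/24", 24, 64496),
    vrp("198.51.100.0/24", 25, 64497),
    vrp("2001:db8::/32", 48, 64496),
]

def validate(route_prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        # A VRP covers the route if the route sits inside the VRP prefix.
        if v.prefix.version != route.version or not route.subnet_of(v.prefix):
            continue
        covered = True
        # A match needs the same origin AS and a length within max_length.
        # An AS0 VRP never matches any route.
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

def accepts(route_prefix: str, origin_asn: int, rov_enabled: bool) -> bool:
    """Local import policy: only a network that runs ROV drops invalids."""
    if not rov_enabled:
        return True
    return validate(route_prefix, origin_asn) != "invalid"

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                     ("198.51.100.128/26", 64497), ("203.0.113.0/24", 64496)]:
        print(pfx, f"AS{asn}", validate(pfx, asn), accepts(pfx, asn, True))
```

A prefix with no covering ROA comes back as not-found and is still accepted under this policy; only announcements that contradict an existing ROA are dropped.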
