[AusNOG] RPKI is the New Hotness. RADB is old and busted.

Rob Thomas xrobau at gmail.com
Tue Mar 16 10:33:44 EST 2021 

For those that haven't noticed, I have a bit of a bee in my bonnet about
RPKI.

We now have all of our major carriers here in Australia (and massive thanks
to Phil!) doing proper RPKI validation, and APNIC have (tentatively) agreed
that getting RPKI+ROAs for legacy allocations should hopefully be a lot
easier, and nowhere near as financially challenging, in the near future.

So I'm going to be setting up some super-easy documentation on rpki.com.au
over the next couple of weeks, INCLUDING some labs and free (don't ddos me,
bro) bgp feeds for those that want to experiment with this in preparation
for deploying it in prod, AND (if I can get enough people to donate some
spare compute and network infra) a bunch of public do-not-use-in-prod RPKI
RTR Servers scattered all over the world.

To pre-empt some questions:

Q: Why the public servers?
A: Because people COPY AND PASTE STUFF. If we (in my case, VyOS, but 'we'
as people who write documentation) provide example or template BGP
configurations which have ROV built in from the very start, then that's
what people will use.

Q: I don't have a full BGP feed, do I care?
A: No. ROA/ROV is only relevant to those networks that don't have a default
route out to the internet

Q: I only have one uplink, do I care?
A: See above. You'll be sending traffic out that one link anyway. But hey,
deploy ROV anyway, it's SUPER easy!

Q: I've been using altdb and radb for 20 years. I don't want to change.
A: OK. I'll get off your lawn.

For any OTHER questions, I urge you to check out the RPKI labs video from
APRICOT which.. I can't seem to find. Hopefully someone else can reply to
this message with some entry level documentation, and maybe - if we're
lucky - a link to a recording of the tutorial.

If you want to chat or have other suggestions that you want to keep
out-of-band (apart from 'shut up Rob, stop crapping on about RPKI') hit me
up on B4P, or BGPeople (xrobau both, of course), or the IM or social media
platform of your choice, as I'm probably xrobau there, too.

--Rob 'Buzzing Bonnet' T
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20210316/38deaebe/attachment.html>

More information about the AusNOG mailing list