30 Apr
2020
30 Apr
'20
5:04 p.m.
Dear Jeremy,
I'm not speaking with any authority, but I've been watching the RIR / RPKI / BGP
space for some time. I think it currently is not possible (or very difficult) to create
RPKI ROAs for space from AMPRNET.
Availability of RPKI services (and certifiability) throughout the industry has been rolled
out incrementally. For instance in Brazil RPKI wasn't available until recently (for
LACNIC (RIR) -> NICBR (NIR) managed space), and in the South Korean NIR (KRNIC) as far
as I know hasn't taken up the delegation from APNIC, so Korean space can't be
signed today either.
My point is that there IP blocks for which nobody (yet) can create a RPKI ROA, because
either there is a "Legacy" aspect that needs to be resolved or there is a lack
of ability at the NIR level.
If you run into trouble with RPKI with any provider for AMPRNET, feel free to CC me at
job(a)ntt.net - i'm happy to explain that RPKI ROAs can't be created in all cases.
RPKI is a global deployment effort that involves hundreds of organisations and thousands
of people, in some (rare) cases RPKI ROAs can not be created, and I think AMPRNET is one
of such cases.
Figuring out how to get AMPRNET space "RPKI enabled" probably will take between
12 and 24 months, it'll be a really big project with lots of paperwork.
Kind regards,
Job
On Thu, Apr 30, 2020, at 22:41, Jeremy Cooper via 44Net wrote:
Hello all,
In 2018 I requested and received a /24 allocation and permission to
announce it via BGP. My ISP/NSP, MonkeyBrains.net, very graciously
agreed to route it to my house as part of my normal residential
service. (Quite amazing!)
Now, however, they’ve sent me an unusual request (but they are excited
about it): can I please setup RPKI for my IP allocation, authorizing
them (MonkeyBrains) permission to advertise the block? Full quote below:
Hi Jermy,
We advertise a /24 for AMPRNET. Please setup a ROA record on ARIN authorizing us to
advertise that block. (We just learned how to do this for our IPs yesterday and are
exctied about RPKI.
If you haven't set up RPKI for your IP allocations, here are the steps in a
nutshell:
create SSL key
upload to ARIN
Create ROA (image below)
Thanks,
Rudy
HOW-TO on ARIN:
https://www.arin.net/resources/manage/rpki/hosted/#roarequestkeypair
<https://slack-redir.net/link?url=https%3A%2F%2Fwww.arin.net%2Fresources%2Fmanage%2Frpki%2Fhosted%2F%23roarequestkeypair&v=3>
I don’t think this is going to work as I don’t _OWN_ my block. It is
licensed to me for a 5 year period. As such, there’s no record of my
allocation with ARIN, and hence, nothing that I can assign.
Do any of you network gurus have a sufficiently technically advanced
response I can give the ISP for their request?
73,
-Jeremy Cooper
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net