Dear Jeremy,
I'm not speaking with any authority, but I've been watching the RIR / RPKI / BGP space for some time. I think it currently is not possible (or very difficult) to create RPKI ROAs for space from AMPRNET.
Availability of RPKI services (and certifiability) throughout the industry has been rolled out incrementally. For instance in Brazil RPKI wasn't available until recently (for LACNIC (RIR) -> NICBR (NIR) managed space), and in the South Korean NIR (KRNIC) as far as I know hasn't taken up the delegation from APNIC, so Korean space can't be signed today either.
My point is that there IP blocks for which nobody (yet) can create a RPKI ROA, because either there is a "Legacy" aspect that needs to be resolved or there is a lack of ability at the NIR level.
If you run into trouble with RPKI with any provider for AMPRNET, feel free to CC me at job@ntt.net - i'm happy to explain that RPKI ROAs can't be created in all cases.
RPKI is a global deployment effort that involves hundreds of organisations and thousands of people, in some (rare) cases RPKI ROAs can not be created, and I think AMPRNET is one of such cases.
Figuring out how to get AMPRNET space "RPKI enabled" probably will take between 12 and 24 months, it'll be a really big project with lots of paperwork.
Kind regards,
Job
On Thu, Apr 30, 2020, at 22:41, Jeremy Cooper via 44Net wrote:
Hello all,
In 2018 I requested and received a /24 allocation and permission to announce it via BGP. My ISP/NSP, MonkeyBrains.net, very graciously agreed to route it to my house as part of my normal residential service. (Quite amazing!)
Now, however, they’ve sent me an unusual request (but they are excited about it): can I please setup RPKI for my IP allocation, authorizing them (MonkeyBrains) permission to advertise the block? Full quote below:
Hi Jermy,
We advertise a /24 for AMPRNET. Please setup a ROA record on ARIN authorizing us to advertise that block. (We just learned how to do this for our IPs yesterday and are exctied about RPKI.
If you haven't set up RPKI for your IP allocations, here are the steps in a nutshell:
create SSL key upload to ARIN Create ROA (image below) Thanks,
Rudy
HOW-TO on ARIN: https://www.arin.net/resources/manage/rpki/hosted/#roarequestkeypair https://slack-redir.net/link?url=https%3A%2F%2Fwww.arin.net%2Fresources%2Fmanage%2Frpki%2Fhosted%2F%23roarequestkeypair&v=3
I don’t think this is going to work as I don’t _OWN_ my block. It is licensed to me for a 5 year period. As such, there’s no record of my allocation with ARIN, and hence, nothing that I can assign.
Do any of you network gurus have a sufficiently technically advanced response I can give the ISP for their request?
73, -Jeremy Cooper _________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net