Mikrotik is adding RPKI support:
What's new in 7.0beta7 (2020-Jun-3 16:31):
[...]
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
[...]
On Jun 2, 2020, at 3:34 PM, Jonathan Lassoff via 44Net
<44net(a)mailman.ampr.org> wrote:
I can sympathize with the sentiment that RPKI and widespread RPKI
adoption in its current form will really lock out and disenfranchise
smaller network operators.
Now, *more than ever*, we need to enable an Internet that any
organization (a natural person, a registered entity, a hackerspace,
etc.) can connect to, uniquely address itself, and begin exchanging
traffic.
In order to enable such an open system to function, we also need ways
of ensuring that unicast addresses are unique and that there is some
public, verifiable way of claiming ownership of IP space. Without
this, the entire network is open to disruption and abuse by almost any
operator. It's amazing we have gotten so far on the good will of most
operators.
The RIR model of lawyers, paperwork, and public databases works for a
lot of people and organizations. IRR was the first step, but it was
complex and a bit clunky to use. I see RPKI for Origin Validation as
just the first/next step of extending this model of trust and
numbering resource ownership into the routing protocol space more
directly.
From a technical standpoint, this logical extension of systems makes a
lot of sense and I don't have a problem with it.
For commercial network operators, a RIR registration is just the cost
of doing business.
But for many small nonprofits, regional amataur radio/network
operators, or individuals, a few thousand dollars/euros a year is a
lot of money that makes Internet independence out of reach.
They end up having to resort to the hegemony of their local incumbent
monopoly and chain themselves to the whims of their upstreams and
regulators.
I suspect many legacy resource holders find themselves in a similar
limbo-state of not wanting to participate in the RIR model and pay
money for essentially nothing.
Echoing some similar earlier sentiments to want to create a CA for
legacy address holders: How feasible would it be to create something
RIR-like, but noncommercial?
A place for legacy address holders to coordinate and register
resources seems like a natural fit. If we're going to operate a
database of ROAs, we're going to need some database of address space
ownership.
For 44net use cases, this seems really straightforward, since we have
the Portal to draw from. But for other organizations, it gets a bit
more complicated to do properly. Given some random email
address/account in some hypothetical legacy RIR, how can we really
validate that they're authorized to take actions on behalf of some
organization?
To take some random examples from the IANA IPv4 list: DISA, USPS,
AT&T, Apple, etc. Doing this right is going to take some process,
record keeping, and well.... work.
With this context, I can see how a lot of RIRs go commercial. However,
with a bit of automation, good documentation and records, and some
dedicated volunteers, this seems like a really doable/achievable thing
in the netops community.
I would be curious to know if anyone else shares these views/dreams
and would like to chat about it.
Stay safe and sane out there.
Cheers,
jof
On Tue, 2 Jun 2020 at 08:18, Job Snijders via 44Net
<44net(a)mailman.ampr.org> wrote:
Thomas,
You say
On Tue, Jun 2, 2020, at 04:17, Thomas Jones - KG5ZI /8 via 44Net wrote:
DO NOT participate in RPKI!
And ...
We should be protecting our Internet!! Just
saying...
What are you really saying? These statements seem at odds with each other.
How do you protect your internet? Maybe I can learn some tricks from you?
Kind regards,
Job
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net