RPKI
latest
General
Introduction
About this Documentation
About Resource Public Key Infrastructure
Organisation of this Documentation
FAQ
RPKI Mechanism
What is RPKI and why was it developed?
I thought we were all using the IRR to check route origin, why do we need RPKI now?
Why are we investing in RPKI, isn’t it easier to just fix the Internet Routing Registry (IRR) system?
Is it true that BGP4 is just not up to the task any longer?
As RPKI relies on X.509 PKI, isn’t this the same problem with untrustworthy SSL/TLS Certificate Authorities all over again?
What is the value of RPKI based BGP Origin Validation without Path Validation?
When comparing the ROA data set to the announcements my router sees, what are possible outcomes?
I’ve heard the term “route leak” and “route hijack”. What’s the difference?
If a ROA is cryptographically invalid, will it make my route invalid?
Operations and Impact
Will my router have a problem with all of this cryptographic validation?
Does RPKI reduce the BGP convergence speed of my routers?
Why do I need rsync on my system to use a validator?
The five RIRs provide a Hosted RPKI system, so why would I want to run a Delegated RPKI system myself instead?
Should I run a validator myself, when I can use an external data source I found on the Internet?
How often should I fetch new data from the RPKI repositories?
What if the RPKI system becomes unavailable or some other catastrophe occurs, will my (signed) prefixes become unreachable to others? Will other prefixes my routers learned over BGP become unreachable for me?
What if the Validator I use crashes and my router stops getting a feed. What will happen to the prefixes I learn over BGP?
I don’t want to rely on the RPKI data set in all cases, but I want to have my own preferences for some routes. What can I do?
Is there any point in signing my routes with ROAs if I don’t validate and filter myself?
Miscellaneous
Why isn’t the ARIN RPKI TAL like other public key files?
What is the global adoption and data quality of RPKI like?
I want to use the RPKI services from a specific RIR that I’m not currently a member of. Can I transfer my resources?
Will RPKI be used as a censorship mechanism allowing governments to make arbitrary prefixes unroutable on a whim?
What are the long-term plans for RPKI?
Quick Help
What is RPKI or ROA?
What do they do?
How does it work?
What is in a ROA?
What happens next?
What can I do about my route having an Invalid state?
RPKI Technology
Introduction
Internet Number Resource Allocation
Mapping the Resource Allocation Hierarchy into the RPKI
X.509 PKI Considerations
Internet Routing
BGP Best Path Selection
Preference for Shortest Path
Preference for Most Specific Prefix
Routing Errors
Mitigation of Routing Errors
The Internet Routing Registry
Securing BGP
Route Origin Validation
Route Origin Authorisations
Maximum Prefix Length
Route Announcement Validity
Path Validation
Implementation Models
Hosted RPKI
Functional differences across RIRs
Delegated RPKI
Using RPKI Data
Connecting to the Trust Anchor
Fetching and Verifying
Validating Routes
Local Overrides
Feeding Routers
Operations
Software Projects
Relying Party Software
RTR Server Software
Certificate Authority Software
Supporting Tools
Router Support
Hardware Solutions
Software Solutions
Resources
Books
Insights and Statistics
Operational Experiences
Examples of BGP Hijacks
IETF Documents
RPKI
Docs
»
Index
Edit on GitHub
Index
A
|
B
|
C
|
D
|
E
|
F
|
H
|
I
|
M
|
N
|
O
|
P
|
R
|
S
|
T
|
U
|
V
|
X
A
ASPA
see Path validation
B
BGP
see Internet Routing
BGP best path selection
BGPSec
see Path validation
Books
C
Certificate Authority software
D
Delegated RPKI
E
Examples of BGP hijacks
F
FAQ
Fat finger
see Routing errors
Frequently Asked Questions
see FAQ
H
Hosted RPKI
I
IETF Documents
Implementation Models
Internet Routing
Internet Routing Registry
Introduction
,
[1]
Invalid status
see RPKI validity
IP Allocation
IRR
see Internet Routing Registry
M
Maximum Prefix Length
MaxLength
see Maximum Prefix Length
More specific
see BGP best path selection
N
NotFound status
see RPKI validity
O
Operational experiences
P
Path validation
R
Relying Party software
Resources
RFC
RFC 2280
,
[1]
RFC 3779
RFC 5280
RFC 6482
RFC 6487
RFC 6810
,
[1]
RFC 6811
,
[1]
,
[2]
RFC 7115
,
[1]
,
[2]
,
[3]
RFC 7908
,
[1]
RFC 8182
,
[1]
RFC 8205
RFC 8210
,
[1]
,
[2]
RFC 8416
,
[1]
RFCs about RPKI
see IETF Documents
ROAs
see Route Origin Authorisations
Route Origin Authorisations
Route Origin Validation
Router support
Routing errors
RPKI Validator
see Relying Party software
RPKI validity
RPKI-RTR
RPSL
see Internet Routing Registry
RTR Server software
S
Securing BGP
Shortest path
see BGP best path selection
SLURM
Software Projects
Statistics
T
Trust Anchor
U
Using RPKI data
V
Valid status
see RPKI validity
X
X.509 PKI
Read the Docs
v: latest
Versions
latest
Downloads
pdf
html
epub
On Read the Docs
Project Home
Builds
Free document hosting provided by
Read the Docs
.