Resources
This page provides an overview of projects that support RPKI. It includes, statistics, measurements projects and presentations about operational experiences. Finally, there is an overview of all work in the Internet Engineering Task Force relevant to RPKI.
The Software Projects page an overview of all available tools for using RPKI.
Books
BGP RPKI: Instructions for use
, by Flavio Luciani & Tiziano Tofoni (PDF)
Juniper Day One: Deploying BGP Routing Security
, by Melchior Aelmans & Niels Raijer (PDF)
Insights and Statistics
There are several initiatives that measure the adoption and data quality of RPKI:
Cirrus Certificate Transparency Log, by Cloudflare
Global certificate and ROA statistics, by RIPE NCC
RPKI Deployment Monitor, by NIST
The RPKI Observatory, by nusenu
RPKI connection test, by RIPE Labs
The rpki-client console, by the OpenBSD project
JDR: explore, inspect and troubleshoot anything RPKI, by NLnet Labs
RPKIviews: download historic raw RPKI data, by Job Snijders
ROA Use World Map and Country Data, by APNIC Labs
RPKI Portal, by Cloudflare
LACNIC Member Tools, by LACNIC
Operational Experiences
- RPKI Deployment Considerations for ISPs
Document by Rich Compton - Charter Communications, with contributions from the operator community
- Using RPKI with IXP Manager
Documentation to set up Routinator, OctoRPKI and the RIPE NCC Validator with BIRD 2.x
- Use Routinator with Cisco IOS-XR
Blog post by Fabien Vincent
- Wikimedia RPKI Validation Implementation
Documentation by Arzhel Younsi describing RPKI validator and router configuration
- Dropping RPKI invalid routes in a service provider network
Lightning talk by Nimrod Levy - AT&T, NANOG 75, February 2019
- RPKI and BGP: our path to securing Internet Routing
Blog post by Jérôme Fleury & Louis Poinsignon - Cloudflare, September 2018
- RPKI For Managers
Presentation by Niels Raijer - Fusix Networks, NLNOG Day 2018, September 2018
- RPKI at IXP Route Servers
Presentation by Nick Hilliard - INEX, RIPE 78, May 2019
- Lessons learned: NTT’s RPKI deployment
Presentation by Job Snijders - NANOG 79, June 2020
Examples of BGP Hijacks
- How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
Cloudflare Blog, 24 June 2019
- BGP / DNS Hijacks Target Payment Systems
Oracle Internet Intelligence, 3 August 2018
- Shutting down the BGP Hijack Factory
Oracle Dyn, 10 July 2018
- Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency
Ars Technica, 24 April 2018
- Popular Destinations rerouted to Russia
BGPmon, 12 December 2017
- Insecure routing redirects YouTube to Pakistan
Ars Technica, 25 February 2008
IETF Documents
Most of the original work on RPKI standardisation for both origin and path validation was done in the Secure Inter-Domain Routing (sidr) working group. After the work was completed, the working group was concluded.
Since then, the SIDR Operations (sidrops) working group was formed. This working group develops guidelines for the operation of SIDR-aware networks, and provides operational guidance on how to deploy and operate SIDR technologies in existing and new networks.
All relevant drafts and standards can be found in the archives of these two working groups.