Several router vendors participated in the development of the RPKI standards in the IETF, ensuring the technology offered an end-to-end solution for route origin validation. The RPKI to Router protocol (RPKI-RTR) is standardised in RFC 6810 (v0) and RFC 8210 (v1). It is specifically designed to deliver validated prefix origin data to routers. This, as well as origin validation functionality, is currently available on various hardware platforms and software solutions.
The versions listed here are the earliest ones where RPKI support became available. However, a newer version may be required to get recommended improvements and bug fixes. Please check your vendor documentation and knowledge base.
- Juniper — Documentation
  - Junos version 12.2 and newer. Please read PR1461602 and PR1309944 before deploying.
- Cisco — Documentation
  - IOS release 15.2 and newer, as well as Cisco IOS/XR since release 4.3.2.
- Nokia — Documentation
  - SR OS 12.0.R4 and newer, running on the 7210 SAS, 7250 IXR, 7750 SR, 7950 XRS and the VSR.
- Arista — Blog post
  - EOS 4.24.0F and newer
- MikroTik — RouterOS v7 BETA forum thread - RPKI forum thread
  - 7.0beta7 and newer
Various software solutions have support for origin validation:
In some solutions, such as OpenBGPD, RPKI-RTR is not available but the same result can be achieved through a static configuration. The router will periodically fetch the validated cache and allow operators to set up route maps based on the result. Relying party software such as Routinator and rpki-client can export validated data in a format that OpenBGPD can parse.
RTRlib is a C library that implements the client side of the RPKI-RTR protocol, as well as route origin validation. RTRlib powers RPKI in BGP software routers such as FRR. In a nutshell, it maintains the data received from RPKI relying party software and allows you to verify whether an autonomous system (AS) is the legitimate origin AS for a prefix, based on the fetched valid ROA data. BGP-SRx by NIST is a prototype that can perform similar functions.