
New RPKI Guide for a More Secure Internet

April 28, 2020 by Internet Society

By Tiziano Tofoni, CEO of Reiss Romoli, and Flavio Luciani, CTO of Namex (Roma IXP)

Many incidents on the Internet are caused by the propagation of incorrect routing information. The most common threats, such as prefix hijacking or route leaks, take advantage of the basic vulnerability of BGP: its inability to verify whether the Autonomous Systems propagating announcements are legitimately permitted to do so.

To avoid this problem, in 2012 the Secure Inter Domain Routing (SIDR) group of the Internet Engineering Task Force (IETF) developed a standard architecture: RFC 6481 – “A Profile for Resource Certificate Repository Structure.” It’s based on a public structure (Resource Public Key Infrastructure, or RPKI) with distributed databases (RPKI repositories).

We recently released the handbook “BGP RPKI: Instructions for use” to illustrate the main components of the BGP RPKI architecture and how these interact to create a system that checks whether or not an AS is authorized to originate prefixes to the Internet. Since we want this document to be a practical guide for implementing the RPKI architecture, we also illustrate how to insert ROAs in the repository of an RIR (for now, the RIPE NCC portal). We explain how the theory can be put into practice by illustrating the implementation of the architecture in both Cisco and Juniper environments, with configuration examples.

This guide could be useful for anyone who wants to know more about the theory behind RPKI. It is aimed especially at network operators who want to implement the architecture inside their own network infrastructure.

We consider MANRS an important initiative and a first step in helping network operators, IXPs, and CDNs improve their security levels. The three MANRS programs carry different sets of concrete actions designed to avoid the most common routing problems. This handbook should help network operators comply with one of the key actions. Our goal is to guide you inside the RPKI architecture in order to make the Internet a more secure place.

Read “BGP RPKI: Instructions for use”
