We measure many aspects of the Internet for the MANRS projects – gathering data daily from 10 different sources and generating 14 metrics across over 100k ASes from that data for the MANRS Observatory.
We measure the effect of good MANRS (Action 1 – filtering and Action 2 – anti-spoofing), and we measure how well ASNs are able to communicate with each other (Action 3 – coordination). But perhaps the most important aspect we measure (Action 4 – global routing information) is how well ASes document their routing policies so that routing security controls can be applied by other networks globally. For this, we measure both IRR and RPKI.
Earlier this year we announced some exciting changes to how we gather and process the RPKI data in the form of ROAST — a standalone tool that gathers data separately from the rest of the data we gather for the MANRS Observatory.
One improvement we wanted to make since we launched ROAST was to combine both data-gathering processes. A few weeks ago, we decided to start work on this, which was the ideal time to review our methodology.
We’ve had good feedback on the new ROAST tool, including reports of where our data doesn’t look right. We’ve investigated the reported issues and improved how we collect and measure RPKI data.
Before ROAST, we only generated data on prefixes visible in the RIS. We have now expanded this to check all prefixes registered to an ASN, whether they are routed or not, and, as such, increased our daily RPKI measurements from just over 1 million to nearly 3.5 million. We validate all these prefixes against data from Routinator, which gives us a better picture of the state of all ROAs — you can explore this data now via the ROAST web tool.
One big benefit of all this extra data is that it helps the community identify current AND potential issues, for example, if a prefix without a valid covering ROA was to be announced.
As this data includes all prefixes, whether they are in the routing table or not, it wouldn’t be fair to use this data to generate the readiness scores that are at the heart of MANRS. So, rather than using all ROAST data as before, we filter the new ROAST results to include only prefixes that are routed. This means MANRS participants won’t be penalized for prefixes with invalid or missing ROAs if those prefixes aren’t in the routing table. However, we have plans to include the full ROAST data analysis in the MANRS Observatory so that ASes can get the extra value this data now provides.
Finally, we’ve backfilled the RPKI data for the last two years. Enjoy!