
Ronald F. Guilmette wrote on 03/01/2020 23:50:
> Well, RPKI quite certainly beats the hell out of the nothing that we have had in its place for lo these many years now.

Having used irrdb prefix filtering in production for many years, I respectfully disagree.

> I certainly believe that in the absence of any malfeasance at any of the RIRs, it -will- bring order to chaos in the world of routing, when and if adoption becomes universal or nearly so.

No, it won't. RPKI in its current form provides an insulation layer which stops certain types of misorigination problems and mitigates others, but has almost no impact on the wider question of policy routing. RPKI also works quite well from the point of view of incremental deployment, i.e. it's not necessary to aim for universal or near-universal adoption.

Policy routing is difficult. We tried to fix it years ago with RPSL and that failed. There have been several attempts to look at this since then but they've all floundered because it's a fundamentally complex problem which involves a lot of different areas including policy management, i.e. codification of human judgement; deployment of this policy to networking equipment which doesn't have the hooks to implement this at scale; how to accurately model a routing policy right down to igp / egp interaction so that you have a balance between enough scope to describe routing policy at a per-router, per-peer-address, per prefix level, but at the same time not making it so complex that people would be scared away from implementing it reasonably; and many other things.

RPKI aims to address some specific problems relating to mis-routing - cherry picking, if you will - and to provide a 90% solution for those problems.

Nick
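
The origin check that RPKI adds, as an added example that is not part of the original message: a minimal sketch of RFC 6811 route origin validation, showing which announcements it rejects and why unsigned routes are unaffected during incremental deployment. The VRP table, prefixes (documentation ranges), AS numbers and the `accept` policy are constructed assumptions.

```python
import ipaddress

# Constructed sample VRPs (validated ROA payloads): (prefix, maxLength, origin AS).
# Prefixes and AS numbers come from the ranges reserved for documentation.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]

def validate(prefix, origin_as, vrps=VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'notfound' (RFC 6811)."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route lies inside the VRP prefix.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match needs the right origin AS and a length within maxLength.
        # AS 0 in a VRP never matches any route.
        if vrp_as != 0 and origin_as == vrp_as and route.prefixlen <= max_len:
            return "valid"
    # Covered but unmatched means invalid; no covering VRP means not found.
    return "invalid" if covered else "notfound"

def accept(prefix, origin_as):
    """Assumed filter policy: drop only invalids, so unsigned space still routes."""
    return validate(prefix, origin_as) != "invalid"

if __name__ == "__main__":
    for pfx, asn in [
        ("192.0.2.0/24", 64496),     # correct origin
        ("192.0.2.0/24", 64511),     # misorigination by another AS
        ("192.0.2.128/25", 64496),   # more specific than maxLength allows
        ("203.0.113.0/24", 64500),   # no ROA published for this space
    ]:
        print(pfx, asn, validate(pfx, asn), "accept" if accept(pfx, asn) else "drop")
```

The check looks only at the prefix and the origin AS, so it expresses nothing about per-peer or per-router routing policy.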