GR-IX drops RPKI invalids
Dear all, It has been a long journey but thankfully it has come to an end!!! We are happy to announce that as of today (06/07/2020) GR-IX route servers drop RPKI invalids for both our infrastructures in Athens & Thessaloniki. GR-IX [1] is a neutral and independent Internet Exchange in Greece, owned and operated by GRNET [2] (the Greek NREN). Please let us share with you the brief version of the story behind it and any lessons learned. - GRNET was an early supporter of RPKI. It started by signing ROAs for GRNET and their customers (all Greek Universities and Research Institutes). Moreover, it performed marking on each prefix received for further statistical / monitoring process. In the early days, GRNET was not dropping RPKI invalids, but put those prefixes with lower priority in their routing table. - GRNET & GR-IX were early supporters of MANRS [3] and successfully became a member of MANRS as a Network Operator & IXP respectively. - As of 10/2019, GRNET decided to start dropping invalid IPv4 and IPv6 RPKI prefixes received from GR-IX peerings and from GRNET upstream. No major issues were reported until now. - As of today, GR-IX drops invalid IPv4 & IPv6 RPKI prefixes on their route servers. We are using the BGP large communities proposed by euro-ix [4] in order to mark the prefixes accordingly. We noticed no prefix with RPKI invalid status which hasn't already been filtered by our route servers due to our strict IRRDB filtering. We would like to thank all our members (GRNET & GR-IX ones) for their help and support in this effort - either via simply signing their ROAs, or by participating in our tech mailing list and discussions we had during various fora. Internet was built of smaller or bigger ecosystems such as ours in Greece, in which we take great pride of its vibrant participation and technical expertise and are happy of being part of it. We do hope you’re staying safe and healthy during these hard times and wish you a great summer. Should you need any further information, please do contact us. Best regards, Michalis [1]: https://www.gr-ix.gr <https://www.gr-ix.gr/> [2]: https://grnet.gr/en/ <https://grnet.gr/en/> [3]: https://www.manrs.org <https://www.manrs.org/> [4]: https://www.euro-ix.net/en/forixps/large-bgp-communities/ <https://www.euro-ix.net/en/forixps/large-bgp-communities/>
Awesome news Mike, well done to you and your team. And thank you for sharing the background story with us, wish to see more success stories from your side in the near future. Best regards, Stavros Konstantaras | Sr. Network Engineer | AMS-IX M +31 (0) 620 89 51 04 | T +31 20 305 8999 ams-ix.net
On 6 Jul 2020, at 12:07, Michael Oikonomakos <moikonom@admin.grnet.gr> wrote:
Dear all,
It has been a long journey but thankfully it has come to an end!!!
We are happy to announce that as of today (06/07/2020) GR-IX route servers drop RPKI invalids for both our infrastructures in Athens & Thessaloniki. GR-IX [1] is a neutral and independent Internet Exchange in Greece, owned and operated by GRNET [2] (the Greek NREN).
Please let us share with you the brief version of the story behind it and any lessons learned.
- GRNET was an early supporter of RPKI. It started by signing ROAs for GRNET and their customers (all Greek Universities and Research Institutes). Moreover, it performed marking on each prefix received for further statistical / monitoring process. In the early days, GRNET was not dropping RPKI invalids, but put those prefixes with lower priority in their routing table. - GRNET & GR-IX were early supporters of MANRS [3] and successfully became a member of MANRS as a Network Operator & IXP respectively. - As of 10/2019, GRNET decided to start dropping invalid IPv4 and IPv6 RPKI prefixes received from GR-IX peerings and from GRNET upstream. No major issues were reported until now. - As of today, GR-IX drops invalid IPv4 & IPv6 RPKI prefixes on their route servers. We are using the BGP large communities proposed by euro-ix [4] in order to mark the prefixes accordingly. We noticed no prefix with RPKI invalid status which hasn't already been filtered by our route servers due to our strict IRRDB filtering.
We would like to thank all our members (GRNET & GR-IX ones) for their help and support in this effort - either via simply signing their ROAs, or by participating in our tech mailing list and discussions we had during various fora. Internet was built of smaller or bigger ecosystems such as ours in Greece, in which we take great pride of its vibrant participation and technical expertise and are happy of being part of it.
We do hope you’re staying safe and healthy during these hard times and wish you a great summer.
Should you need any further information, please do contact us.
Best regards, Michalis
[1]: https://www.gr-ix.gr <https://www.gr-ix.gr/> [2]: https://grnet.gr/en/ <https://grnet.gr/en/> [3]: https://www.manrs.org <https://www.manrs.org/> [4]: https://www.euro-ix.net/en/forixps/large-bgp-communities/ <https://www.euro-ix.net/en/forixps/large-bgp-communities/>_______________________________________________ connect-wg mailing list connect-wg@ripe.net https://lists.ripe.net/mailman/listinfo/connect-wg
participants (2)
-
Michael Oikonomakos
-
Stavros Konstantaras