Hi All, I have just moved a big network from one company to another, and found that it is not possible to move RPKI records as well, as it works with all linked (more specific) inetnums, routes, etc. It was a big pain to quickly set it up again in the new account, and also some risk to lose network connectivity. Is it possible to implement that feature? Or just only me was need in it? I will need to move another similar network soon ;) Also when you work with RPKI records, after some short period of time the page automatically updates, killing sort and output preferences, which is very inconvenient. -- WBR, Max Tulyev MT6561-RIPE - Jabber maxtul@netassi.st - Phone +447441953543 - Telegram @mt6561
hi max,
I have just moved a big network from one company to another, and found that it is not possible to move RPKI records as well, as it works with all linked (more specific) inetnums, routes, etc.
i bet. as you obviously know, your records are a tree, and you are changing the root. a possible path is that the CA software you use, either delegated or ncc-hosted, could export the semantic (not crypto) content of the resources and roas in a form which could then be imported into new root. i am not aware of CA software, other than the antique DRL, which could export and import csv, which supports this. as it may not be a frequently needed feature, it may be hard to convince CA devs to develop such a thing.
It was a big pain to quickly set it up again in the new account, and also some risk to lose network connectivity.
there should be no risk if you do the mops in order. first delete all roas and give things time to settle, maybe a day or so. then they all go NotFound, you can then populate the new tree's roas at leisure, and bob's your uncle. you might even populate the new tree earlier, iff the CA hierarchy will let you have both trees at the same time. randy
participants (2)
-
Max Tulyev -
Randy Bush