DT/AS3320 is enabling Resource Public Key Infrastructure (RPKI) based filtering policies
Dear community,

The Deutsche Telekom/AS3320 network is continuously evolving to provide best-in-class IP services, connectivity, and stability to its eBGP peers. As part of this evolution, DT will enable Resource Public Key Infrastructure (RPKI) based filtering policies within the AS3320 network.

This means that in the future we won't accept any prefixes that are advertised with an incorrect matching RPKI ROA record. Prefixes validated as "unknown" will still be accepted. This implementation will discard RPKI invalid prefixes.

All advertisements received by the DT network are verified against an encrypted Route Origin Authorization (ROA) registered with the appropriate Regional Internet Registry (RIR). This will help ensure the authenticity of routing information received and distributed within DT's network and prevent accidental or malicious route hijacking.

The RPKI validation functionality will be fully functional during Q1 2024.

Please note that after RPKI-based filtering is enabled, RPKI invalid prefix(es) received by the AS3320 will be discarded. To correct INVALID prefixes, please use the Regional Internet Registry's record of IP resources to correct or create the appropriate ROAs. Or encourage your customers to correct the entries.

For additional questions or needed information, please contact me and I will loop in the necessary teams from DT.

--
Kind Regards
Sebastian Becker

DEUTSCHE TELEKOM GLOBAL CARRIER
Internet, Content and Security Solutions (ICS)
Sebastian Becker
Global Peering Manager (AS3320)
globalcarrier.telekom.com<https://globalcarrier.telekom.com>
LIFE IS FOR SHARING.
You can find the obligatory information on www.telekom.de/compulsory-statement<https://www.telekom.de/compulsory-statement>
> This means that in the future we won't accept any prefixes that are advertised with an incorrect matching RPKI ROA record.
i suspect that you mean won't accept announcements of a prefix if
  - there is a roa which would mark it invalid
  - and there is no roa which marks it valid

but very cool!

randy
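The valid / invalid / unknown outcomes discussed in this thread, as an added example that is not part of either message and not DT's configuration: route origin validation in the manner of RFC 6811, run over constructed ROA data (documentation prefixes, private-use ASNs). The names `VRPS`, `validate` and `accept` are assumptions of this example.

```python
from ipaddress import ip_network

# Constructed validated ROA payloads: (prefix, max_length, origin ASN).
# Documentation prefixes and private-use ASNs, not real routing data.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("192.0.2.0/24", 24, 64501),   # second ROA, same prefix, other origin
    ("2001:db8::/32", 48, 64502),
]


def validate(prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'unknown' for one announcement.

    'unknown' is what RFC 6811 calls NotFound: no ROA covers the prefix.
    """
    route = ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        roa_net = ip_network(vrp_prefix)
        # A ROA covers the route if the route lies inside the ROA prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # A covering ROA matches if length and origin are both authorised.
        if route.prefixlen <= max_len and origin_asn == vrp_asn:
            return "valid"  # one matching ROA is enough
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "unknown"


def accept(prefix, origin_asn, vrps=VRPS):
    """Policy from the announcement: drop invalid, keep valid and unknown."""
    return validate(prefix, origin_asn, vrps) != "invalid"


if __name__ == "__main__":
    for pfx, asn in [
        ("192.0.2.0/24", 64501),     # other ROA names 64500, this one matches
        ("192.0.2.0/24", 64999),     # covered, wrong origin
        ("192.0.2.0/25", 64500),     # covered, longer than max_length
        ("203.0.113.0/24", 64500),   # no covering ROA
    ]:
        print(pfx, asn, validate(pfx, asn), "accept" if accept(pfx, asn) else "drop")
```
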