Hi Nick, On Mon, Sep 20, 2021 at 03:04:17PM +0100, Nick Hilliard wrote:
Job Snijders via routing-wg wrote on 19/09/2021 23:28:
BGPsec is a RPKI-based technology which enables network operators to transitively validate whether a given BGP UPDATE
is anyone using bgpsec in production?
Not that I'm aware of, but I do know folks are actively studying the feasibility and potential benefits in prepration for potential production deployments. Still early days. I believe there are multiple barriers to BGPsec deployment in 'production' environments, one of which is that it is a bit cumbersome to certify & publish BGP router keys. Support to manage BGPsec keys via the RPKI dashboard will make it easier for people to experiment with the various open source BGPsec implementations, which in turn paves the way to wider deployment in a few years. In order to gauge uptake of BGPsec, it first should be made (more easily) available to operators. This thread is not intended as an in-depth explorations of the pro's and con's of BGPsec, but rather to inquiry whether there is any appetite to implement a (relatively simple) and standardized keying operation, and leave it up to operators to use the service or not. Kind regards, Job