Hello all!

Until now we have not used RPKI. For us at nic.at and RcodeZero DNS we are not on the validating side of RPKI, but we would only create ROAs, using the RIPE service. I could just log in to the RIPE portal and in 5 minutes it is done. But I am a bit concerned about activating the service and then not caring about it anymore. Hence I think we should have some monitoring too.

We have a defined target state, e.g. prefix 83.136.32.0/21 should be announced from AS30971. So I think our monitoring should check:

- Is there a ROA for 83.136.32.0/21 from AS30971?
- Is the ROA valid, i.e. not expired?
- Will validating ISPs accept these prefixes? Will validating ISPs reject this prefix if the origin AS is wrong (maybe having a local Routinator or querying a public service via API)?

Do you think this makes sense? Is such monitoring already available and I only have to subscribe somewhere (free or commercial)? Do I miss something? Any hints what I should do before and after creating the ROAs?

Thanks

Klaus

PS: What happens if my ROAs expire? Will then my BGP announcements be ignored by validating ISPs or will it just be as if there are no ROAs at all?

--

Klaus Darilion, Head of Operations

nic.at GmbH, Jakob-Haringer-Straße 8/V

5020 Salzburg, Austria
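
The checks listed in the message above can be run as RFC 6811 route origin validation against the VRP set exported by a local validator. The sketch below is an added example, not part of the original post: the VRP entry is constructed, the dict shape (`asn`, `prefix`, `maxLength`) is an assumed export format, and `check_targets` and the documentation ASN 64496 used as the "wrong origin" are hypothetical names and values.

```python
import ipaddress

# Constructed sample data: the target state from the post and one VRP that
# would satisfy it. In real monitoring the VRPs come from a validator export.
TARGETS = [("83.136.32.0/21", 30971)]
VRPS = [{"asn": "AS30971", "prefix": "83.136.32.0/21", "maxLength": 21}]


def rov_state(prefix, origin_asn, vrps):
    """RFC 6811 origin validation: returns 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp["prefix"])
        # A VRP covers the route if the route lies inside the VRP prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        asn = int(str(vrp["asn"]).upper().removeprefix("AS"))
        # A match needs the same origin (AS0 never matches) and a route
        # no more specific than maxLength.
        if asn == origin_asn and asn != 0 and route.prefixlen <= vrp["maxLength"]:
            return "valid"
    return "invalid" if covered else "not-found"


def check_targets(targets, vrps, wrong_asn=64496):
    """Return a list of alert strings; an empty list means the target state holds."""
    alerts = []
    for prefix, asn in targets:
        own = rov_state(prefix, asn, vrps)
        if own != "valid":
            alerts.append(f"{prefix} from AS{asn} is {own}, expected valid")
        # Negative test: the same prefix from another origin must be rejected.
        other = rov_state(prefix, wrong_asn, vrps)
        if other != "invalid":
            alerts.append(f"{prefix} from AS{wrong_asn} is {other}, expected invalid")
    return alerts


if __name__ == "__main__":
    for line in check_targets(TARGETS, VRPS) or ["target state OK"]:
        print(line)
```

An expired ROA drops out of the validated set, so the same function then returns `not-found` for the prefix unless another VRP still covers it. A more-specific announcement such as a /24 from the same AS evaluates as `invalid` while the ROA's maxLength is 21.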