Hi Michael, On 11 Sep 2012, at 20:09, Michael Markstaller <mm@elabnet.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I see three ways: 1) RPKI 2) RPKI 3) RPKI
I fully agree! But I ask: where is it used?
In total, well over a thousand LIRs in the RIPE region have set up RPKI. Together they created ROAs to cover about four /8s worth of IPv4 address space: http://certification-stats.ripe.net/?type=roa-v4u
Obviously nowhere at Tier1/2, otherwise we wouldn't see such a big mess like 80/5 in BGP.. Is it up to me, a XS-provider to start with - while its globally ignored?
Out of the 100 largest LIRs, roughly half has got RPKI enabled, but many of these parties are careful when implementing new technology. There is a lot of testing going on that you can't see on the public Internet, just like LIRs who hold an IPv6 allocation that they don't announce (yet). However, if you point your RPKI Validator at prefixes like 91.0.0.0/10, 82.240.0.0/12 or 84.96.0.0/13, you'll see that it's not all bad news. The big question is when operators will actually start using RPKI Origin Validation in their BGP decision making workflows. It's a complicated question to answer, with many factors involved. Cheers, Alex