I hope this is the right forum - not sure which RIPE WG is the best to ask these newbie questions. 1. How can one know how many prefixes from the global routing table of 500K prefixes are "RPKI"ed? The best I can find is telnet to rpki-rtr.ripe.net and start counting lines via "sho ip bgp rpki table" or scan http://localcert.ripe.net:8088/roas I know of http://certification-stats.ripe.net/ but that is a graph showing how many LIRs are RPKIed, not how many prefixes have been RPKIed. 2. If I have a prefix and I want to do a similar lookup like whois to see certain parameters of that specific prefix, how can I see whether that specific prefix has RPKI enabled? Is there a whois-rpki thingie? Thanks, Hank
Hi Hank, On Mon, 3 Feb 2014, Hank Nussbacher wrote:
I hope this is the right forum - not sure which RIPE WG is the best to ask these newbie questions.
1. How can one know how many prefixes from the global routing table of 500K prefixes are "RPKI"ed? The best I can find is telnet to rpki-rtr.ripe.net and start counting lines via "sho ip bgp rpki table" or scan http://localcert.ripe.net:8088/roas I know of http://certification-stats.ripe.net/ but that is a graph showing how many LIRs are RPKIed, not how many prefixes have been RPKIed.
You might want to check the RPKI dashboard at http://rpki.surfnet.nl, some stats there (on global, RIR and AS level).
2. If I have a prefix and I want to do a similar lookup like whois to see certain parameters of that specific prefix, how can I see whether that specific prefix has RPKI enabled? Is there a whois-rpki thingie?
bgpmon has a nice whois addition for quering prefixes. see their blog from 2011: https://www.bgpmon.net/securing-bgp-routing-with-rpki-and-roas/ Regards, Jac -- Jac Kloots Network Services SURFnet bv
At 09:23 03/02/2014 +0100, Jac Kloots wrote:
Hi Hank,
On Mon, 3 Feb 2014, Hank Nussbacher wrote:
I hope this is the right forum - not sure which RIPE WG is the best to ask these newbie questions.
1. How can one know how many prefixes from the global routing table of 500K prefixes are "RPKI"ed? The best I can find is telnet to rpki-rtr.ripe.net and start counting lines via "sho ip bgp rpki table" or scan http://localcert.ripe.net:8088/roas I know of http://certification-stats.ripe.net/ but that is a graph showing how many LIRs are RPKIed, not how many prefixes have been RPKIed.
You might want to check the RPKI dashboard at http://rpki.surfnet.nl, some stats there (on global, RIR and AS level).
2. If I have a prefix and I want to do a similar lookup like whois to see certain parameters of that specific prefix, how can I see whether that specific prefix has RPKI enabled? Is there a whois-rpki thingie?
bgpmon has a nice whois addition for quering prefixes.
see their blog from 2011: https://www.bgpmon.net/securing-bgp-routing-with-rpki-and-roas/
Great! Thanks. -Hank
Regards,
Jac
-- Jac Kloots Network Services SURFnet bv
Hi Hank, On 3 Feb 2014, at 07:24, Hank Nussbacher <hank@efes.iucc.ac.il> wrote:
I hope this is the right forum - not sure which RIPE WG is the best to ask these newbie questions.
1. How can one know how many prefixes from the global routing table of 500K prefixes are "RPKI"ed? The best I can find is telnet to rpki-rtr.ripe.net and start counting lines via "sho ip bgp rpki table" or scan http://localcert.ripe.net:8088/roas I know of http://certification-stats.ripe.net/ but that is a graph showing how many LIRs are RPKIed, not how many prefixes have been RPKIed.
That page has a drop-down menu allowing you to select different stats. For example: http://certification-stats.ripe.net?type=roa-v4 http://certification-stats.ripe.net?type=roa-v4u
2. If I have a prefix and I want to do a similar lookup like whois to see certain parameters of that specific prefix, how can I see whether that specific prefix has RPKI enabled? Is there a whois-rpki thingie?
You can also search for it on the BGP Preview page of the RPKI Validator. For example: http://localcert.ripe.net:8088/bgp-preview?q=93.175.146.0/24 You can also search for a validity state, for example: http://localcert.ripe.net:8088/bgp-preview?q=valid So, 20,443 RPKI Valid BGP announcements in the global routing table at the moment. Cheers, Alex
participants (3)
-
Alex Band -
Hank Nussbacher -
Jac Kloots