nanog mailing list archives
NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies
From: Job Snijders <job () ntt net>
Date: Thu, 26 Mar 2020 00:50:39 +0000
Dear group, Exciting news! Today NTT's Global IP Network (AS 2914) enabled RPKI based BGP Origin Validation on virtually all EBGP sessions, both customer and peering edge. This change positively impacts the Internet routing system. The use of RPKI technology is a critical component in our efforts to improve Internet routing stability and reduce the negative impact of misconfigurations or malicious attacks. RPKI Invalid route announcements are now rejected in NTT EBGP ingress policies. A nice side effect: peerlock AS_PATH filters are incredibly effective when combined with RPKI OV. For NTT, this is the result of a multiyear project, which included outreach, education, collaboration with industry partners, and production of open source software shared among colleagues in the industry. Shout out to Louis & team (Cloudflare) for the open source GoRTR software and the OpenBSD project for rpki-client(8). I hope some take this news as encouragement to consider RPKI OV "invalid == reject"-policies as safe to deploy in their own BGP environments too. :-) If you have questions, feel free to reach out to me directly or the NTT NOC at <noc () ntt net>. Kind regards, Job
Current thread:
- NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Job Snijders (Mar 25)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Michel Py (Mar 25)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies JASON BOTHE via NANOG (Mar 25)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Tom Hill (Mar 26)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Brandon Butterworth (Mar 26)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Tom Hill (Mar 26)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies JASON BOTHE via NANOG (Mar 25)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Jared Mauch (Mar 26)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Michel Py (Mar 25)
- Re: NTT/AS2914 enabled RPKI OV 'invalid = reject' EBGP policies Ben Maddison via NANOG (Mar 31)