Resources¶
This page provides an overview of projects that support RPKI. It includes, statistics, measurements projects and presentations about operational experiences. Finally, there is an overview of all work in the Internet Engineering Task Force relevant to RPKI.
The Software Projects page an overview of all available tools for using RPKI.
Books¶
BGP RPKI: Instructions for use, by Flavio Luciani & Tiziano Tofoni (PDF)
Juniper Day One: Deploying BGP Routing Security, by Melchior Aelmans & Niels Raijer (PDF)
Insights and Statistics¶
There are several initiatives that measure the adoption and data quality of RPKI:
- Global country stats, with AS and IP prefix analysis, by NLnet Labs
- Cirrus Certificate Transparency Log, by Cloudflare
- Global certificate and ROA statistics, by RIPE NCC
- RPKI Deployment Monitor, by NIST
- The RPKI Observatory, by nusenu
- RPKI connection test, by RIPE Labs
Operational Experiences¶
- Using RPKI with IXP Manager
- Documentation to set up Routinator, OctoRPKI and the RIPE NCC Validator with BIRD 2.x
- Use Routinator with Cisco IOS-XR
- Blog post by Fabien Vincent
- Wikimedia RPKI Validation Implementation
- Documentation by Arzhel Younsi describing RPKI validator and router configuration
- Dropping RPKI invalid routes in a service provider network
- Lightning talk by Nimrod Levy - AT&T, NANOG 75, February 2019
- RPKI and BGP: our path to securing Internet Routing
- Blog post by Jérôme Fleury & Louis Poinsignon - Cloudflare, September 2018
- RPKI For Managers
- Presentation by Niels Raijer - Fusix Networks, NLNOG Day 2018, September 2018
- RPKI at IXP Route Servers
- Presentation by Nick Hilliard - INEX, RIPE 78, May 2019
Examples of BGP Hijacks¶
- How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
- Cloudflare Blog, 24 June 2019
- BGP / DNS Hijacks Target Payment Systems
- Oracle Internet Intelligence, 3 August 2018
- Shutting down the BGP Hijack Factory
- Oracle Dyn, 10 July 2018
- Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency
- Ars Technica, 24 April 2018
- Popular Destinations rerouted to Russia
- BGPmon, 12 December 2017
- Insecure routing redirects YouTube to Pakistan
- Ars Technica, 25 February 2008
IETF Documents¶
Most of the original work on RPKI standardisation for both origin and path validation was done in the Secure Inter-Domain Routing (sidr) working group. After the work was completed, the working group was concluded.
Since then, the SIDR Operations (sidrops) working group was formed. This working group develops guidelines for the operation of SIDR-aware networks, and provides operational guidance on how to deploy and operate SIDR technologies in existing and new networks.
All relevant drafts and standards can be found in the archives of these two working groups, with a few exceptions, such as draft-ietf-grow-rpki-as-cones.