That time RPKI/ROV has been Re:confirmed.

日本語版はこちら

Abstract

ROA coverage of IP addresses in Japan is increasing. However, do you feel that there is a threshold for implementing BGP route validation – ROV using ROA?

Even if you have created ROA, if you do not perform ROV, you will not be able to protect the connectivity of the Internet when unauthorized BGP routes (*1) flow through your network. It is no wonder that NTT(*4) and IIJ(*5), as well as AWS(*2), Cloudflare, Microsoft, Google(*3), and other major international carriers, have introduced this system in Japan.

In response to this situation, the “Ministry of Internal Affairs and Communications(MIC): Survey on the Introduction and Promotion of Network Security Technologies in ISPs” was conducted in FY2022 to find out how to lower the threshold for ROV introduction. The content of this survey project was communication, confirmation work, and exploration. Three months passed in a blink of an eye, including multiple types of ROA cache servers, operation of multiple vendors’ ROVs, and research and study with an eye toward ASPA (*6), which is expected to become widespread in the future. And now, FY2023. In response to the passionate calls(?) we will be back again.

This research project is an opportunity for operators, including students interested in network technology, to discuss, share know-how, and think about the future. You are invited to participate in the information exchange and discussion – “eXchange”. Which ROA cache servers could be used and how? What is the best way to handle BGP routes that are invalid as a result of ROV?

In this session, we will share what we have learned through demonstration experiments and discuss what will happen in Japan in the future.

*1 In BGP, the routing information in which the origin AS is different from the original one. The AS path is not relevant here.

*2 “How AWS is helping to secure internet routing”, Fredrik Korsbäck, 13 JAN 2021, https://aws.amazon.com/jp/blogs/networking-and-content-delivery/how-aws-is-helping-to-secure-internet-routing/

*3 Is BGP safe yet? – from Cloudflare, https://isbgpsafeyet.com/

*4 “Monitoring, awareness, and community at the centre of NTT’s RPKI deployment”, Dan Fidler, 15 Dec 2022, https://blog.apnic.net/2022/12/15/monitoring-awareness-and-community-at-the-centre-of-ntts-rpki-deployment/

*5 “Let’s start RPKI with IIJ/AS2497”, Yomogita Yuichi, Hori Takafusa, JANOG47, https://www.janog.gr.jp/meeting/janog47/wp-content/uploads/2020/11/janog47_iij_rpki_20210118.pdf

*6 Autonomous System Provider Authorization, a mechanism to authorize the inclusion of AS path information for a specific AS in BGP routes, which can be used in conjunction with ROV to verify AS paths and detect route leaks, etc.

Place

1F Conference Room 101

Date

Day1 Wednesday, July 5th, 2023/18:00～19:00(1Hour)

Presenter