Home
Thomas King edited this page Nov 25, 2015 · 20 revisions
At an IXP today, many peers run routers that are not capable of RPKI/BGPSec validation. However, RPKI and BGPSec validation already provides some value because it allows route leaks and hijacks to be detected. Many peers typically rely on the route-server anyway to receive BGP information from other peers connected to the IXP. The route-server is therefore a good place to perform RPKI and BGPSec validation, provided there is a way of signalling the validation results to the peers.
This document describes a means of signalling RPKI and BGPSec validation performed at the route-server to peers. The signalling should be the same at all IXPs offering this service so that customers can easily consume it.
- AMS-IX Falcon: AMS-IX is already running a route-server in beta mode providing RPKI validation. For signalling, the following BGP communities are used:
  - Prefix has ROA status: VALID (6777:65012)
  - Prefix has ROA status: INVALID (6777:65022)
  - Prefix has ROA status: UNKNOWN (6777:65023)
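
How a peer could consume this signalling, as an added example (not code from this wiki or from AMS-IX): it classifies routes by the communities listed above, including routes with no signal or with contradictory signals, and applies an import policy. The policy (reject INVALID, +10 local-pref for VALID), the function names and the sample routes are assumptions, as is the premise that only the route-server sets these communities.

```python
from enum import Enum
class RoaState(Enum):
    VALID = "valid"
    INVALID = "invalid"
    UNKNOWN = "unknown"
    UNSIGNALLED = "unsignalled"  # no validation community on the route
    CONFLICT = "conflict"        # more than one validation community

# Community values this page lists for the AMS-IX Falcon route-server.
SIGNAL = {
    (6777, 65012): RoaState.VALID,
    (6777, 65022): RoaState.INVALID,
    (6777, 65023): RoaState.UNKNOWN,
}

def parse_communities(text):
    """Parse space-separated 'ASN:value' tokens; raise ValueError if malformed."""
    pairs = set()
    for token in text.split():
        asn, _, value = token.partition(":")
        pair = (int(asn), int(value))
        if not all(0 <= n <= 0xFFFF for n in pair):
            raise ValueError(f"not a standard community: {token}")
        pairs.add(pair)
    return pairs

def roa_state(communities):
    states = {SIGNAL[c] for c in communities if c in SIGNAL}
    if not states:
        return RoaState.UNSIGNALLED
    return states.pop() if len(states) == 1 else RoaState.CONFLICT

def import_decision(communities, local_pref=100):
    """Assumed peer policy: reject INVALID/CONFLICT (None), prefer VALID (+10)."""
    state = roa_state(communities)
    if state in (RoaState.INVALID, RoaState.CONFLICT):
        return state, None
    return state, (local_pref + 10 if state is RoaState.VALID else local_pref)

# Constructed sample routes (documentation prefixes), not real route-server output.
ROUTES = [
    ("192.0.2.0/24", "6777:65012 64500:100"),
    ("198.51.100.0/24", "6777:65022"),
    ("203.0.113.0/24", "6777:65023"),
    ("2001:db8::/32", "64500:200"),
    ("2001:db8:1::/48", "6777:65012 6777:65022"),
]

def evaluate(routes=ROUTES):
    return {prefix: import_decision(parse_communities(c)) for prefix, c in routes}
```

`evaluate()` returns a mapping from prefix to `(state, local_pref)`, where a `local_pref` of `None` means the route is rejected.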