[arin-ppml] prop266 - re-framing the discussion

David R Huberman daveid at panix.com
Thu May 2 12:00:48 EDT 2019


Adam Thompson wrote:

> My suggested direction to the AC and/or the board would therefore be: 
> Find something ARIN can do to help combat the problem (more 
> effectively).

This post is in reaction to "more effectively".

I'd like to please remind the community of the efforts ARIN and the RIRs 
have already taken to help combat BGP hijacking over the last 20 years:

1) In 1999, Cengiz Alaettinoglu, Curtis Villamizar, Elise Gerich, David 
Kessens, David Meyer, Tony Bates, Daniel Karrenberg, and Marten Terpstra 
published RFC 2622, defining the spec for Routing Policy Specification 
Language (RPSL) which was intended to be used in RIPE DB and other routing 
arbiters (like RADB) to help network operators specify routing policy, and 
help peers to accept prefixes authorized by these policies. I hope you 
recognize all or most of those names, but if you don't, know that these 
folks were part of an active and engaged RIR community who worked hard to 
improve internet engineering.

2) More was needed, however, so thirteen years later, Matt Lepinski and 
Stephen Kent authored RFC 6480, "An Infrastructure to Support Secure 
Internet Routng" laying out the foundation of RPKI.

The RIRs have spent millions and millions of dollars developing a strong, 
robust, and secure RPKI which the network operator community can entrust 
to protect routes against rogue announcements. RIPE and others 
have developed the necessary software to effectively deploy RPKI. RIR 
outreach campaigns have been going on for years to get people to issue 

It's the spring of 2019 in the northern hemisphere, and we are seeing 
exponential growth in the adoption of RPKI. Upwards of 150 ASes are now 
believed to be validating incoming route origins against the RPKI. That's 
double the number of ASes that were believed to be validating back in 
December (72).

There's still work to be done (especially at ARIN with its unique 
challenges). And while that work continues, I expect that over the next 
12-24 months, we will start to see research produced that measures the 
effectiveness of the RPKI efforts.

Conclusion:  The RIRs have been working for more than 20 years on 
contributions to improve and promote a secure routing infrastructure. 
Millions of member dollars have been spent towards these efforts. Today, 
RPKI + IRR is a very powerful solution for combating route hijacking.

Speaking solely for himself,

More information about the ARIN-PPML mailing list