ACSP Consultation 2024.1: Consultation on RPKI/BGP Intelligence

Consultation Tracking Information

  • Requested By: Staff
  • Status: Closed
  • Comments Opened: Linked to Discussion Archives: 30 January 2024
  • Comments Closed: 08 March 2024
  • Suggestion Number: n/a

Consultation Description

ARIN is seeking feedback from the community regarding the level of information presented to the user when they are using ARIN’s Hosted Resource Public Key Infrastructure (RPKI) product. Currently when ARIN customers create Route Origin Authorizations (ROAs) in ARIN Online, they are only presented with the information in the ROA; they need to use third-party tools to predict the impact of creating the ROA on the global routing table.

We plan to add this functionality to a new RPKI dashboard that will allow a user to view the current RPKI validity state and the resulting impact to routing for the resources covered by the ROA. This will let users make more informed decisions about creating ROAs before confirming the changes and without leaving ARIN Online. This functionality will be available to ARIN customers who use ARIN Online. ARIN API users will need to use third-party tools to collect the same information.

Proposed Changes

  • Display a table in the RPKI dashboard with near-real-time route announcements for the Organization’s Internet number resources, as seen in the global BGP table.
  • The table will show the current RPKI validity state of the route announcements.
  • Display any mismatches between BGP announcements, existing ROAs, and the resulting RPKI validity state and offer suggestions on how to resolve any mismatches following current best practices.

Because most ARIN organizations use the Hosted RPKI product, we believe adding this functionality would benefit a significant number of ARIN customers and enable network operators to make better informed routing decisions.

We are seeking community input for any additional information or capabilities that should be included in this proposed new functionality development. The feedback you provide during this consultation will be instrumental in determining how ARIN moves forward with improvements to our routing security services.

Please provide comments to arin-consult@arin.net. You can subscribe to this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult

This consultation will remain open until 5:00 PM ET on 29 February 2024. ARIN seeks clear direction through community input, so your feedback is important.

Thank you for your continued support to improve ARIN’s routing security services.

Regards,

John Curran
President and CEO
American Registry for Internet Numbers (ARIN)

ARIN Actions

11 March 2024

From 30 January to 8 March, ARIN held a consultation seeking feedback from the community regarding the level of information presented to the user when they are using ARIN’s Hosted Resource Public Key Infrastructure (RPKI) product. Currently when ARIN customers create Route Origin Authorizations (ROAs) in ARIN Online, they are only presented with the information in the ROA; they need to use third-party tools to predict the impact of creating the ROA on the global routing table.

ARIN is planning to add functionality to a new RPKI dashboard that will allow a user to view the current RPKI validity state and the resulting impact to routing for the resources covered by the ROA. This will allow users to make more informed decisions about creating ROAs before confirming the changes within ARIN Online. This functionality will be available to ARIN customers who use ARIN Online. ARIN API users will still need to use third-party tools to collect the same information.

Considering the community support shown in response to the consultation, ARIN plans to proceed with development work to add the following features to our RPKI dashboard:

  1. Detailed BGP Data Display: The RPKI dashboard will display a table with near-real-time route announcements, sourced from third-party data, relevant to the organization’s Internet number resources as seen in the global BGP table.
  2. RPKI Validity State Display: The table will include the current RPKI validity state of the route announcements.
  3. Guidance on Resolving Mismatches: The dashboard will highlight any mismatches between BGP announcements, existing ROAs, and their RPKI validity states, providing best practice recommendations for resolution.
  4. Express ROA Creation: The dashboard will provide workflows for the easy creation of appropriate ROAs for any NotFound and Invalid route announcements.
  5. Transparency on Data Sources: Documentation will now include a comprehensive list of third-party data sources and detail the refresh frequency for the BGP information.

ARIN thanks those who provided valuable feedback on this consultation. We rely on this input from our members and community to help steer the organization as we continue our mission in support of the operation and growth of the Internet.

1 March 2024

ARIN is extending our ongoing consultation regarding proposed improvements to our Resource Public Key Infrastructure (RPKI) services until Friday, 8 March.

We are seeking feedback from our community regarding the level of information presented to the user when they are utilizing ARIN’s Hosted RPKI product. Currently, when ARIN customers create Route Origin Authorizations (ROAs) in ARIN Online, they are presented only with the information in the ROA and need to use third-party tools to predict the global routing table impact of creating the ROA.

ARIN is planning to add functionality to a new RPKI dashboard that will allow our users to view the current RPKI validity state and the resulting impact to routing for the resources covered by the ROA. This will enable users to make more informed decisions about creating ROAs before confirming the changes and without leaving ARIN Online. Note that this functionality will only be available to those customers who use ARIN Online; ARIN API users will need to use third-party tools to collect the information.

We believe adding this functionality would benefit ARIN customers, enable network operators to make better informed routing decisions, and enhance routing security for the Internet community. As of 1 March, ARIN has received limited feedback from our community on this proposed development.

We are seeking more input from our community for any additional information or capabilities that should be included, especially from those members who utilize ARIN’s Hosted RPKI service. The feedback and suggestions you provide during this consultation will be instrumental in determining how ARIN moves forward with routing security improvements.

You may review the original consultation, published on 30 January, at https://www.arin.net/participate/community/acsp/consultations/2024/2024-1/.

Please provide comments to arin-consult@arin.net. You may subscribe to this mailing list at https://lists.arin.net/mailman/listinfo/arin-consult.

This consultation will remain open until 5:00 PM ET on Friday, 8 March. We hope you will take advantage of this additional time to share your thoughts on this pending improvement.

Thank you for your continued support to improve ARIN’s routing security services.

Related