ACSP Suggestion 2022.26: Add Functionality to Assist Customers Transitioning From Hosted to Delegated RPKI
Author: Michael Drzal
Submitted On: 17 October 2022
Description: The choice of hosted or delegated RPKI is made at the organization level. If a customer chooses to switch from hosted to delegated RPKI, all ROAs are invalidated, and the customer must recreate all of the ROAs in the new system. During the transition period, the prefixes are not protected from BGP hijacks. This becomes a bigger deal when there are hundreds of ROAs involved. In our case, our largest org has 515 prefixes, each with multiple ROAs. We intentionally slow the rate of change in ROAs to avoid having unwanted effects within global internet routing. At our current rate, it would take us 25 hours to create all of the new ROAs. This is less of a concern for organizations with 1-2 prefixes that could easily recreate their ROAs within seconds. It would be beneficial to allow customers to run hosted and delegated RPKI in the same org at the same time for the purpose of transitioning between the two modes.
Value to Community: This would allow customers to switch between delegated and hosted RPKI without opening up their resources to route hijacks. Customers with a larger number of prefixes are the ones who are more likely to investigate moving to delegated RPKI, but they are also the ones most affected by this issue.
Timeframe: Not specified
Status: Open
Updated: 03 November 2022
3 November 2022
Thank you for your suggestion, numbered 2022.26 on confirmed receipt, requesting that ARIN add functionality to assist customers transitioning from hosted to delegated RPKI.
We agree this feature has the potential to ease the transition between RPKI deployment types for organizations with large numbers of resources covered by ROAs. We will investigate the requirements to build this new feature and schedule it for future development. Your suggestion will remain open until implemented.
Thank you for participating in the ARIN Consultation and Suggestion Process.
American Registry for Internet Numbers (ARIN)