There are many discussions going on Resource Certification or Resource Public Key Infrastructure (RPKI) and it’s one of the models for Securing Internet Routing. RPKI; the SIDR model has multiple components and deployment phase; but for successful RPKI implementation; creating Route Origin Authorization (ROA) is the first step. A ROA is a cryptographically signed object that states which Autonomous System (AS) is authorized to originate a certain prefix(es).
So far in this region (Asia Pacific) RPKI adoption rate is not impressive. Community is very slow understanding the necessity of Internet routing security and how it impacts the global Internet.
This year APNIC started “Ready for ROA” campaign; which has a significant impact on the growth in RPKI adoption in this region. From bdNOG (Bangladesh Network Operators Group) we are also part of the campaign. In our recent bdNOG events (bdNOG2 & bdNOG3) we try to make community understand the necessity of Internet routing security and how they can be part of it. We encourage them creating ROA object. We simulate the whole process; starting from ROA object creation, configure RPKI validator server and how all the components work.
After few successful events; we see a very good growth in RPKI adoption rate in Bangladesh. As of June 2015 the RPKI adoption rate in BD is 24.63% with 99.48% accuracy.
|Total Prefix||Valid||Invalid||Unknown||Accuracy||RPKI Adoption Rate|
|Nov 2014||2079 (100%)||71 (3.42%)||26 (1.25%)||1982 (95.33%)||73.2%||4.67%|
|Feb 2015||2295 (100%)||137 (5.97%)||9 (0.39%)||2149 (93.64%)||93.84%||6.36%|
|Jun 2015||2322 (100%)||569 (24.5%)||3 (0.13%)||1750 (75.37%)||99.48%||24.63%|
[Table: RPKI Adoption Rate in Bangladesh. Source: http://rpki.surfnet.nl/country.html]
Resource Certification (RPKI) need to be community-driven. As Cengiz Alaettinoglu in his recent post (Will the SIDR model succeed where the IRR model failed?) states “some of these challenges cannot be addressed using technology alone and need economic and social engineering as well”; I think success of RPKI & secure Internet routing is heavily depend on how thick & fast community get the message and understand the importance. For that local & regional NOG (Network Operators Group) can play a vital role.