| When: | Tuesday, 26 February 2013 |
| Time: | 17:30 - 21:00 (UTC +8) |
| Chair: | Randy Bush (IIJ) and Taiji Kimura (JPNIC) |
BGP Origin Validation based on the Resource Public Key Infrastructure (RPKI) is in production: all RIRs have services, Cisco and Juniper have shipping code, and operators are deploying. It protects against accidental mis-origination, the most common routing error we see today. There are many RFCs.
We will explain and demonstrate the workflow for using the full implementation in open source RPKI software, from GUI to running router. There are essentially two components:
- The Certification Authority (CA), whereby an Internet Registry (NIR, large LIR, etc.) issues certificates for 'customers' and allows customers to use the CA's web GUI to issue Routing Origin Authorizations (ROAs) for their prefixes.
- Relying Party (RP) software which gathers the data from the CAs and gives operators tools to use the data in the NOC and directly in routers to validate BGP announcements.
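To make the validation step concrete, here is an added example (not code from the session or from any RPKI software package) of the origin-validation decision a router makes with the data the RP software delivers, following the Valid / Invalid / NotFound procedure of RFC 6811. The `VRP` type, the `validate` function and the sample table are hypothetical names and constructed data, using documentation prefixes and AS numbers.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: one (prefix, max length, origin AS) entry from a ROA."""
    prefix: str      # prefix the ROA authorises
    max_length: int  # longest prefix length the holder allows to be announced
    asn: int         # AS authorised to originate the prefix


# Constructed sample table (documentation prefixes and ASNs), standing in for
# the data RP software would hand to a router.
VRPS = [
    VRP("192.0.2.0/24", 24, 64496),
    VRP("203.0.113.0/24", 25, 64497),
    VRP("2001:db8::/32", 48, 64498),
]


def validate(prefix: str, origin_asn: int, vrps=VRPS) -> str:
    """Classify a BGP announcement as 'Valid', 'Invalid' or 'NotFound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp in vrps:
        roa_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route lies inside the VRP prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # Match: same origin AS (AS 0 never matches) and not more specific
        # than the ROA's max length.
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "Valid"
    # Covered by at least one VRP but matched by none: mis-origination or a
    # too-specific announcement. No covering VRP at all: no statement made.
    return "Invalid" if covered else "NotFound"


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                     ("203.0.113.192/26", 64497), ("198.51.100.0/24", 64500)]:
        print(f"{pfx:<20} AS{asn}: {validate(pfx, asn)}")
```

A route that is more specific than the ROA's max length is Invalid even when the origin AS is the authorised one, so ROA holders need to set max length to match what they actually announce.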
In January, prior to the JaNOG meeting, a Relying Party Hackathon was held in Tokyo for the Japanese operator community. Operators used JPNIC's hosted GUI, installed RP software on their own servers, and watched the effect on BGP routing on the real Internet.
In this hackathon, operators can build and use the entire system, end to end. Newcomers can build RP software (you will need a server somewhere on the net), run it, and watch the effect on real routers on the real Internet. NIRs and adventurous LIRs can install CA software on their servers and use it to manage certification, customers, etc.