the rpki, ipv4, the news at eleven · infrastructure rpki database ip resource certs asn resource...
TRANSCRIPT
![Page 2: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/2.jpg)
2008.06.04 IPv4 News at Eleven 2
Internet Initiative Japan• Originally, an initiative to get
Japan on the Internet• Asian and some US backbone• Commercial customer base• Internet, not telephant, MPLS, ...• First commercial IPv6 deployment• WIDE, Kame, ...
![Page 3: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/3.jpg)
2008.06.04 IPv4 News at Eleven 3
We're Old Fashioned• Internet, not ATM-2 == MPLS, etc• VoIP etc over IP, it is possible!• IPSec is a big seller, the P in VPN• High touch, a lot of services• Quality, quality, and quality• And we're profitable!
![Page 4: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/4.jpg)
2008.06.04 IPv4 News at Eleven 4
Agenda• RPKI (some details) and why I care• BGP Security• IPv4 free pool run-out• Policy, Fairness, and Best Use• Routing Table Growth• What I want• What's next?
![Page 5: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/5.jpg)
2008.06.04 IPv4 News at Eleven 5
I have been working on this RPKI X.509
Certification of Resource Stuff
![Page 6: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/6.jpg)
2008.06.04 IPv4 News at Eleven 6
RFC 3779Extension
Describes IPResources
X.509 Cert
Public Key
X.509 Cert w/ 3779
![Page 7: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/7.jpg)
2008.06.04 IPv4 News at Eleven 7
192.168.0.0/16
Public Key
192.168.0.0/20
Public Key
192.168.16.0/20
Public Key
192.168.32.0/19
Public Key
192.168.16.0/24
Public Key
192.168.17.0/24
Public Key
Cert
CertCert
Cert Cert
Cert
![Page 8: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/8.jpg)
2008.06.04 IPv4 News at Eleven 8
192.168.0.0/24
Public Key
192.168.0.0/24
AS 42
Cert
ROA
Route Origin Attestation(ROA)
![Page 9: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/9.jpg)
2008.06.04 IPv4 News at Eleven 9
Resource Public Key Infrastructure
RPKI DataBase
IP Resource CertsASN Resource Certs
Rights to Route
![Page 10: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/10.jpg)
2008.06.04 IPv4 News at Eleven 10
IRBack End
[Hardware]Signing Module
IRRPKI
Priv Keys
Private RPKIKeys
Issued ROAs
My MiscConfig
Options
PublicRPKIKeys
ID=Me ID=Me
RPKIEngine
Resource PKIIP Resource Certs
ASN Resource CertsRights to Route
StubProvided
to beHacked
InternalCA Data
InternalCA Data
XML ObjectTransport& Handler
XML toParent
XML toChild
BusinessKey/Cert
Management
Private IR Biz TrustAnchor Internal
CA Data
Biz EESigning Key &Up/Down EEPublic Keys
Keys forTalking to
IR BackEnd
CertsIssued to
DownStreams
Command
My Resources
My RightsToRoute
Data
Repo Mgt
PublicationXML Protocol
![Page 11: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/11.jpg)
2008.06.04 IPv4 News at Eleven 11
RPKI Interfaces/Users
PublicKey
InfrastructureDataBase
RIR ISPContractual Cert Exchangeof ISP's Business KeyASN Cert
Addr Cert
ISP
Addr
Cert
Sub-A
lloc
ContractualCert Exchange
EndSite
Cert Exchange
AddrAttest
Replica Replica Replica Replica
Global ISP Routing Infrastructure
Rsch &Audit
Right To
Route
![Page 12: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/12.jpg)
2008.06.04 IPv4 News at Eleven 12
Layer 9 War• RIRs do not want IANA to sign
their certs!• They want to each be their own root
trust anchor• OTOH, they each want to 'own'
their customer ISPs• It is all about power, not technology
![Page 13: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/13.jpg)
2008.06.04 IPv4 News at Eleven 13
Why Do I Care?• Formal validation of who can ask
me to route what prefixes• Automation of route filters• Real routing security in the long
term• Fairness in address trading
![Page 14: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/14.jpg)
2008.06.04 IPv4 News at Eleven 14
Cheap Filter Automation• This is Ruediger's hack, not mine• Use ROAs to generate a fake IRR of
Route: objects• Put this ersatz-IRR in front of the
other IRRs when running peval()• A lot of benefit at zero RPSL or
software change!
![Page 15: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/15.jpg)
2008.06.04 IPv4 News at Eleven 15
But where I am really going in the long term is
BGP Routing Security
![Page 16: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/16.jpg)
2008.06.04 IPv4 News at Eleven 16
Diversion Attack
$ $ $
Expected Path – A->X->Y->B
AX Y
Z
B
$
$
Diverted Path - A->X->Z->Y->B
![Page 17: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/17.jpg)
2008.06.04 IPv4 News at Eleven 17
How Does Z Do It?
Y tells X and Z that costs are B:5X tells A and Z that costs are Y:5 B:10Z tells X that costs are Y:10 B:15
AX Y
Z
B
Z tells X that costs are Y:10 B:4
5 5 5
10 10
X now sends B’s traffic to Z!!!
![Page 18: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/18.jpg)
2008.06.04 IPv4 News at Eleven 18
Why is this a Hard Problem?
• X does not really know Z’s links• X does not really know Y’s links• They trust each other re costs!
AX Y
Z
B
5 10 5
10 10
![Page 19: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/19.jpg)
2008.06.04 IPv4 News at Eleven 19
• Validating IP prefix ownership does not help, as Z is not lying about B’s owning it
• Using IRR-like peering map does not help, as Z is not lying about who connects to whom
AX Y
Z
B
5 10 510 10
![Page 20: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/20.jpg)
2008.06.04 IPv4 News at Eleven 20
One Approach
AX Y
Z
B
5 10 5
10 10
•B cryptographically signs the message to Y Sb(Y->B=5)
•Y signs messages to X and Z encapsulating B’s message
Sy(X->Y=10 Sb(Y->B=5)) and Sy(Z->Y=10 Sb(Y->B=5))
•Z can only sign Sz(X->Z=10 Sy(Z->Y=10 Sb(Y->B=5)))
•Now X can verify paths and costs
•Forward path signing solves the ‘simple’ case
![Page 21: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/21.jpg)
2008.06.04 IPv4 News at Eleven 21
Costs• Crypto-CPU-intensive• Use caching• Use pre or delayed validation• Moore’s ‘Law’ is our friend• Crypto chips are cheap• Most announcements are boring
![Page 22: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/22.jpg)
2008.06.04 IPv4 News at Eleven 22
Chapter Two
IPv4 Free Pool Run-out,
Best and Fairest Use,
Address 'Trading,'
The Universe, and everything
![Page 23: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/23.jpg)
2008.06.04 IPv4 News at Eleven 23
IPv4 Free-Pool Run-Out• IPv4 Free Pool will run-out in a few years• This is not news. See graphs of Frank
Solensky over ten years ago; and Geoff's• IPv4 will go to a trading model• Registries will become title agents, not
allocators, of IPv4 space• RIRs are developing full multi-RIR/LIR open
source RPKI software
![Page 24: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/24.jpg)
2008.06.04 IPv4 News at Eleven 24
What Should Have Happened
IPv6Deployment
IPv4Free Pool
$/IPv4/24
Today
![Page 25: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/25.jpg)
2008.06.04 IPv4 News at Eleven 25
What Is Happening?
IPv6Deployment
IPv4Free Pool
$/IPv4/24
Today
We Actually Caused Change
![Page 26: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/26.jpg)
2008.06.04 IPv4 News at Eleven 26
If You Don't Believe It
![Page 27: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/27.jpg)
2008.06.04 IPv4 News at Eleven 27
IPv6 Prefix Allocations
![Page 28: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/28.jpg)
2008.06.04 IPv4 News at Eleven 28
BGP Prefix Announcements
![Page 29: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/29.jpg)
2008.06.04 IPv4 News at Eleven 29
Geoff has more recent
measurements and the last
year is better!
![Page 30: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/30.jpg)
2008.06.04 IPv4 News at Eleven 30
So How is IPv4 Going to Play Out?
![Page 31: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/31.jpg)
2008.06.04 IPv4 News at Eleven 31
Are current societal and administrative systems
fair?
What's 'fair'?
![Page 32: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/32.jpg)
2008.06.04 IPv4 News at Eleven 32
Is This 'Fair'?
![Page 33: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/33.jpg)
2008.06.04 IPv4 News at Eleven 33
That was ARIN for 2006-7Other regions have somewhat
different distributions.
No one wants to talk about this because grown-ups might
be listening.
![Page 34: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/34.jpg)
2008.06.04 IPv4 News at Eleven 34
Yes, it models the
market concentration
in North America
but ...
![Page 35: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/35.jpg)
2008.06.04 IPv4 News at Eleven 35
The RIR communities
have placed severe
barriers to entry at
the low end !
![Page 36: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/36.jpg)
2008.06.04 IPv4 News at Eleven 36
A newcomer may not be able to 'justify' a
/20-/24
![Page 37: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/37.jpg)
2008.06.04 IPv4 News at Eleven 37
Why is This?• We're saving routing table size at
the expense of barrier to entry• Should we be doing this at the end?• Instead, give me tools to filter out
intentional deaggregation• Note that RPKI certificates are
maximally aggregated
![Page 38: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/38.jpg)
2008.06.04 IPv4 News at Eleven 38
Is this how we think the last few /8s should
be distributed?
![Page 39: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/39.jpg)
2008.06.04 IPv4 News at Eleven 39
What Might We Do?• I am not an expert, but I admit it, which
is a differentiator :)• Even distribution to RIRs of the last /8s• Within RIRs, damp big request[er]s• Enable small requests• Save the last /16 for unknowns and
emergencies• Open market with transparency
![Page 40: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/40.jpg)
2008.06.04 IPv4 News at Eleven 40
ARIN Legacy Prefix Announcements
![Page 41: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/41.jpg)
2008.06.04 IPv4 News at Eleven 41
Unannounced /24 Equivalents
![Page 42: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/42.jpg)
2008.06.04 IPv4 News at Eleven 42
That's Legacy Space
There is also a lot of underutilized RIR Space Post-Legacy
![Page 43: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/43.jpg)
2008.06.04 IPv4 News at Eleven 43
How to Put IPv4 Space to Best Use?
![Page 44: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/44.jpg)
2008.06.04 IPv4 News at Eleven 44
Best Useis Supposed to beWhat Markets Do
![Page 45: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/45.jpg)
2008.06.04 IPv4 News at Eleven 45
There Already is a
Black Market in
IPv4 Address Space
![Page 46: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/46.jpg)
2008.06.04 IPv4 News at Eleven 46
Would you RatherHave a
Black Marketor an
Open Market?
![Page 47: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/47.jpg)
2008.06.04 IPv4 News at Eleven 47
I personally prefer a
possibly flawed open
market to amateur
over-regulators
![Page 48: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/48.jpg)
2008.06.04 IPv4 News at Eleven 48
The RPKI certificates
are how we make the
Market Transparent
and Safe
![Page 49: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/49.jpg)
2008.06.04 IPv4 News at Eleven 49
Routing Table Growth• Same in IPv6 as IPv4• Proportional to multi-homers• And traffic engineers• All the way to the enterprise edge• 2m+ routes soon, more later• Multi-vendor is mandatory, I do not
want to be owned ever again
![Page 50: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/50.jpg)
2008.06.04 IPv4 News at Eleven 50
Once Again -
Enterprise Scale Routers Must Handle 2m+ Routes Very Soon
and More Coming
![Page 51: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/51.jpg)
2008.06.04 IPv4 News at Eleven 51
Routing Improvements• Where was Clarence 15 Years Ago?• We have been algorithmically lazy• We never engaged the maths folk• Routing is considered uninteresting in
today's CS programs• We have more economists and lawyers
in the game than mathematicians
![Page 52: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/52.jpg)
2008.06.04 IPv4 News at Eleven 52
Where I do Not Want to Go• Complexity• More devices in my network• Complexity• Reliance on more protocols• Complexity• Centralization (GENI et alia)• And did I mention Complexity?
![Page 53: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/53.jpg)
2008.06.04 IPv4 News at Eleven 53
Complexity is the Arch-Enemy of Scalability and
Margins
![Page 54: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/54.jpg)
2008.06.04 IPv4 News at Eleven 54
Whose Margins?
“Screw you! I make billions of dollars from selling you complexity.”
-- A friend at a vendor
![Page 55: The RPKI, IPv4, The News at Eleven · Infrastructure RPKI DataBase IP Resource Certs ASN Resource Certs Rights to Route. 2008.06.04 IPv4 News at Eleven 10 IR Back End [Hardware] Signing](https://reader033.vdocuments.site/reader033/viewer/2022050719/5fb2d79689e41535e0444e91/html5/thumbnails/55.jpg)
2008.06.04 IPv4 News at Eleven 55
End ofmy spiel!