Child pages
  • RPKI Validation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attacks against the routing system are increasing, and it's not uncommon in today's Internet world to experience prefix hijacking.  The IETF has for a while, been woking on an Internet Resource Public Key Infrastructure, to help validate routing (BGP) announcements.  

Details on RPKI and how this works is best followed up through the RIR.  The RIPE-NCC in particular have excellent resources for you to peruse.

 

At INX-ZA, we operate three (3) RPKI validators that are made available to the general public for use.  These are spread across the country, and are available at: 

  • https://vc1.inx.net.net
  • https://vc2.inx.net.za
  • https://vc3.inx.net.za

for you to manually, or, through the built-in API, validate your prefixes.  

Of course the point of RPKI validation is for your network equipment to do this automatically, so we suggest the following configuration: 

 

router bgp 65001
 bgp rpki server tcp 2001:43F8:1F4:100::40 port 8282 refresh 120600
bgp rpki server tcp 2001:43F8:1F5:100::40 port 8282 refresh 120600
bgp rpki server tcp 2001:43F8:1F3:100::40 port 8282 refresh 120600
 bgp rpki server tcp 196.10.52.40 port 8282 refresh 120600
bgp rpki server tcp 196.10.54.40 port 8282 refresh 120600
bgp rpki server tcp 196.10.55.40 port 8282 refresh 120600

 

Should you need assistance with this, please feel free to send a mail to ops [at]  inx.net.za