Re: [routing-wg] Add BGPsec support to Hosted RPKI?

On 10/11/21 11:33 AM, Tim Bruijnzeels wrote: Wrt BGPSec.. I am actually very happy to see that so many people are in favor of supporting it. I hope that router vendors are watching. To the best of my knowledge BGPSec has only been implemented in Bird and Quagga. The main value of supporting BGP

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

in the long run, the number of routers which might have individual keys may be on the order of the number of prefixes. we are still learning about fragmentation as v4 use matures. i am not worried about storing the full key set on a validating router. i am worried about crypto load on validating

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

On Mon, 11 Oct 2021 at 12:29, Randy Bush wrote: > > ASPA is orthogonal to BGPSec. It lets AS holders declare who their > upstreams are > > (in the context of BGP Path, not business relation). Even if this > information is > > not yet used in routers in an automated way, a clear text validated > o

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> ASPA without BGPsec is barely different to RPSL. Yes, I am squinting very > hard to make that conclusion indeed. my old eyes can not make it.

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> RIPE NCC may have substantial resources, but they are applied sequentially. > Perhaps > RIPE NCC can shed a light on the effort involved, but I suspect it's more than > we might think. > > In that context, I am not against BGPSec as such, there are just things that I > would like to see first:

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

On Mon, 11 Oct 2021 at 11:52, Tim Bruijnzeels wrote: > > On 11 Oct 2021, at 12:45, Matthew Walster wrote: > > > > I genuinely don't understand the reason for obstruction here, what am I > missing? > > Perhaps this sentence could have made clear that I am not 'obstructing': > My apologies if I'

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> On 11 Oct 2021, at 12:45, Matthew Walster wrote: > > I genuinely don't understand the reason for obstruction here, what am I > missing? Perhaps this sentence could have made clear that I am not 'obstructing': "In that context, I am not against BGPSec as such, there are just things that

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

On Mon, 11 Oct 2021 at 10:33, Tim Bruijnzeels wrote: > ASPA is orthogonal to BGPSec. It lets AS holders declare who their > upstreams are > (in the context of BGP Path, not business relation). Even if this > information is > not yet used in routers in an automated way, a clear text validated outp

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

On Mon, Oct 11, 2021 at 11:33:40AM +0200, Tim Bruijnzeels wrote: > Why now? There are published RFC and running code. Time for the next step. > RIPE NCC may have substantial resources, but they are applied > sequentially. Perhaps RIPE NCC can shed a light on the effort > involved, but I suspect i

[routing-wg] New on RIPE Labs: Hunting Routing Resources with IRRHound

Dear colleagues, In this guest post on RIPE Labs, Francesco Ferreri introduces IRRHound, a new package from Namex for tracking routing resources across multiple IRR sources: https://labs.ripe.net/author/francesco-ferreri/hunting-routing-resources-with-irrhound/ Kind regards, Alun Davies RIPE L

Re: [routing-wg] Add BGPsec support to Hosted RPKI?

> On 9 Oct 2021, at 11:13, Marco Marzetti wrote: > > Hello, > > Erik is right. BGPSec was definitely ahead of time when the IETF started > working on it and many have marked it as bleeding edge for good reasons.The > technologies required to support it in the wild weren't just there back th