[RPKI-Deployers] Follow-up on Cloudflare RPKI deployment
Chris Morrow
morrowc at google.com
Thu Nov 29 17:30:40 EST 2018
On Wed, Nov 28, 2018 at 3:34 PM Jérôme Fleury via RPKI-Deployers <
rpki-deployers at puck.nether.net> wrote:
>
>
>
> ---------- Forwarded message ----------
> From: "Jérôme Fleury" <jf at cloudflare.com>
> To: rpki-deployers at puck.nether.net
> Cc:
> Bcc:
> Date: Wed, 28 Nov 2018 12:34:11 -0800
> Subject: Follow-up on Cloudflare RPKI deployment
> Hi everyone,
>
> a quick follow-up on RPKI deployment at Cloudflare.
>
> Most of our Anycast routes, including DNS, are signed.
>
>
ok, cool. this seems to have been simple/straightforward for you? (I assume
you just used the hosted model bits from the various RIR's you have
resources from?)
> We are slowly rolling out RPKI validation in all our PoPs, 44 as of today
> (see https://twitter.com/Jerome_UZ/status/1067586674090172416) with the
> objective of having 90% of our PoPs doing validation by the end of the
> year. Current limitation for the remaining 10% is Arista eOS that does not
> support RTR natively so we'll have to code our own stuff.
>
>
wow, this is pretty cool :)
> We use our own lightweight RTR software to talk to routers.
> https://github.com/cloudflare/gortr
> And we pull data from our CDN (https://rpki.cloudflare.com/rpki.json)
>
> We do invalid=reject on all peering sessions, and we'll follow-up with
> transits in 2019Q1.
>
> It's important to clarify that we're still keeping default routes to our
> transits, we're not creating blackholes.
>
> Let us know if you have any questions!
>
>
just the one up a bit :) thanks for the update.
>
>
> ---------- Forwarded message ----------
> From: "Jérôme Fleury via RPKI-Deployers" <rpki-deployers at puck.nether.net>
> To: rpki-deployers at puck.nether.net
> Cc:
> Bcc:
> Date: Wed, 28 Nov 2018 12:34:11 -0800
> Subject: [RPKI-Deployers] Follow-up on Cloudflare RPKI deployment
> --
> RPKI-Deployers mailing list
> RPKI-Deployers at puck.nether.net
> https://puck.nether.net/mailman/listinfo/rpki-deployers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/mailman/private/rpki-deployers/attachments/20181129/84357520/attachment.html>
More information about the RPKI-Deployers
mailing list