[RPKI-Deployers] Run your validator on your router!
Job Snijders
job at ntt.net
Fri Jul 10 14:35:36 EDT 2020
> you don't have a redundant validation process / path for each device?
> is that important? maybe? :) do you want to do hitless software
> upgrades of the validation code?

I can do hitless upgrades through the atomicity of POSIX.1 mv(1)... ?

> I suppose there are a million flowers we can permit to bloom... and
> each gardener (flower-er) can decide what works for them.
> I'm a long term non-proponent of putting lots of extra functions on my
> router... I get that this is 'hard' for some folk (small deployments),
> I think it cuts out some flexibility though :(

But why are you non-proponent? To me it seems inevitable.

- we know there should be /at least/ one validation process per ASN
  (69,092 ASNs currently visible in the DFZ)
- the minimum amount of routers inside a given AS is probably 1
- the maximum amount is probably 4,000 routers in a single ASN
- majority of transit providing networks is probably no more than 100
  bgp boxes
- majority of stub networks are probably 2 routers

The internet is probably less than 2 million routers, of which 1 million
are operated by a small group of people. That small group of really
large networks probably knows to aggregate/dampen their load on the
RPKI.

The other million devices are on their way to rsync and RRDP servers near
you. Why set up RTR servers when you can flick the switch on the router
appliance easily too? Operators will choose the path of least
resistance. We will have to prepare for it.

Kind regards,
Job
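
The rename-based swap the message refers to ("atomicity of POSIX.1 mv(1)"), as an added example that is not part of the original message. The function names, file names and the 755 mode are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: replacing a file in place via rename(2), which mv(1) uses
# when source and destination are on the same filesystem.
# All paths, names and contents here are constructed for the demo.

# atomic_install SRC DEST
# Stage SRC as a temp file in DEST's directory, then rename it over DEST.
# Staging in the same directory keeps both names on one filesystem; a
# cross-filesystem mv falls back to copy+unlink and is not atomic.
atomic_install() {
    src=$1
    dest=$2
    dir=$(dirname -- "$dest")
    tmp=$(mktemp "$dir/.install.XXXXXX") || return 1
    # The new content and mode are complete before the name is switched.
    # 755 assumes DEST is an executable (assumption for this demo).
    if cp -- "$src" "$tmp" && chmod 755 "$tmp" && mv -f -- "$tmp" "$dest"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# demo_hitless prints "<seen by already-open reader>|<seen by fresh open>".
demo_hitless() {
    work=$(mktemp -d) || return 1
    printf 'validator v1\n' > "$work/validator"
    printf 'validator v2\n' > "$work/validator.new"
    exec 3< "$work/validator"      # a running consumer holds the old inode
    atomic_install "$work/validator.new" "$work/validator" || return 1
    old=$(cat <&3)                 # still the complete old file
    exec 3<&-
    new=$(cat "$work/validator")   # a fresh open gets the complete new file
    rm -rf -- "$work"
    printf '%s|%s\n' "$old" "$new"
}

demo_hitless
```

A process that already has the old file open keeps reading the old inode until it reopens the path, so no reader ever observes a partially written file.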