4. Eg Provisioning
• Dude.. Route my prefix
– ok: show me a ROA with my AS origin.
• Good Guy: (goes off and creates ROA)
– Ok: I’ll route that prefix
– Bad Guy: Curses! Foiled!!!!!
• Low cost but effecEve barrier to cheats.
– A ROA IS “proof”
• Hard to fake
– Even if you route your own INR, a ROA means nobody
else can originate your prefixes
– Hijacks become much harder
7. Goal: protect your own net
• Does RPKI fix everything?
– No.
– In fact, it doesn’t do much right now because of low
worldwide coverage
• But its sEll worth doing.
– Why? Because you should clearly show what you
operate and manage, to prevent people hijacking your
assets
• Do you want to wind up routed by somebody
without knowing about it?
– 2000 prefixes hijacked (NANOG discussion & others)