LINX have recently completed the roll out of RPKI framework for all of their LINX route server locations in the UK and US. This is a big step forward for LINX, being part of a handful of Internet exchanges and networks globally who have now adopted this additional security layer for their members and customers.
RPKI (Resource Public Key Infrastructure) is designed to secure the Internet’s routing infrastructure with an additional element of filtering and security before data is passed from one network to another. It uses a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number.
BGP (border gateway protocol) is how networks ‘peer’ with each other, but this isn’t 100% secure alone, with reports of BGP hijacks and attacks often reported within industry. Prior to the RPKI rollout, LINX used IRRDB (Internet Routing Registry Data Base) filtering when validating the correct origin AS address and valid route-object and destination.
With RPKI now in place, LINX benefits from knowing that members peering with the route servers (AS8714) receive a clean and healthy table of routes. Making peering with the LINX route severs much more trustworthy and secure.
Mo Shivji from the LINX Engineering Team explains what benefit rolling out RPKI has on the wider membership;
”“Members benefit from having any invalid prefixes being announced to the route-server dropped and obtaining a table of routes that have been checked and cleansed. It also encourages members to adopt RPKI when their prefixes fail validation in turn keeping their IRRDB objects up to date.”
Tim Preston, Senior Network Engineer added;
”“Currently RPKI is only rolled out on the LINX Route-Servers. We are aiming to run RPKI on AS5459 where we peer with members on our border routers and receive IP Transit services.”