RPKI Roll Out on LINX’s AS5459 Network
By Manolis Mathioudakis, Senior Network Engineer
In 2020 LINX announced it had successfully introduced the RPKI framework for all its route server locations in the UK and US. In this blog we explain why this was important for the AS5459 network, and how LINX members can benefit with some good practice tips today.
RPKI (Resource Public Key Infrastructure) is designed to secure the Internet’s routing infrastructure with an additional element of filtering and security before data is passed from one network to another. It uses a cryptographic method of signing records that associate a BGP route announcement with the correct originating AS number.
Having RPKI running adds an extra layer of defence to stop route leaks and hijacks into the AS5459 network. All London border routers currently have a session established with the RPKI validator, downloading the VRPs (Validated ROA Payloads) from the validator cache server.
The VRPs are a compiled list of ASN, prefix and maximum prefix length, which is pushed to the border routers using RTR (the RPKI to Router Protocol).
LINX runs the Routinator 3000 validator software written in the Rust programming language, created by the NLnet Labs network research group.
Downloading an up-to-date VRP list to the router does not by itself mean that the router will filter invalid routes. To achieve this, we updated our import policies on all Transit and Peering services with members, along with a few customers for whom we provide different services. Please note that LINX rejects only the invalid routes learnt, not the unknown and unverified ones.
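The sketch below is an added example, not LINX's router configuration or Routinator code. It applies the RFC 6811 origin-validation rules to a VRP list of (ASN, prefix, maximum length) entries and then an import policy that rejects only invalid routes. The VRP entries, the function names and the "not-found" label (the post's "unknown") are assumptions; all prefixes and ASNs come from documentation ranges.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    asn: int          # origin AS authorised by the ROA
    prefix: object    # ipaddress network covered by the ROA
    max_length: int   # longest prefix length the origin may announce

# Constructed sample VRPs (documentation prefixes and ASNs, not real ROA data).
VRPS = [
    VRP(64500, ipaddress.ip_network("192.0.2.0/24"), 24),
    VRP(64501, ipaddress.ip_network("198.51.100.0/24"), 25),
    VRP(64503, ipaddress.ip_network("2001:db8::/32"), 48),
]

def validate(route_prefix, origin_asn, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        # A VRP covers the route if the route is the same prefix or a
        # more specific of the VRP prefix (same address family only).
        if vrp.prefix.version != route.version:
            continue
        if not route.subnet_of(vrp.prefix):
            continue
        covered = True
        # A match needs the right origin AS and a length within maxLength.
        # AS0 in a VRP never matches any route.
        if (vrp.asn != 0 and vrp.asn == origin_asn
                and route.prefixlen <= vrp.max_length):
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: not-found.
    return "invalid" if covered else "not-found"

def import_policy(route_prefix, origin_asn, vrps=VRPS):
    """Reject only invalid routes; accept valid and not-found ones."""
    state = validate(route_prefix, origin_asn, vrps)
    return ("reject" if state == "invalid" else "accept"), state

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500),     # authorised origin
                     ("192.0.2.0/24", 64511),     # wrong origin AS
                     ("192.0.2.128/25", 64500),   # longer than maxLength
                     ("203.0.113.0/24", 64502)]:  # no covering VRP
        print(pfx, f"AS{asn}", *import_policy(pfx, asn))
```

The third case is the one that catches operators out: the origin AS is correct, but announcing a more specific than the ROA's maximum length still makes the route invalid.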
To confirm, having RPKI enabled in the AS5459 network ensures all members peering with LINX receive a healthy and secure routing table.