And the fourth one is to facilitate the validation of routing information. We have a whole series talking about route origin authorization but to summarize: all routes originated need to be signed to indicate that your AS is authorized to originate these routes and this is designed to help secure the global routing system. So our advice: sign ROAs, the Route Origin Authorization, for all originated routes using the RPKI, the Resource Public Key Infrastructure, and make sure all customer originated routes are also signed. We also advise to validate received routes from all peers, give high priority for validated routes, discard invalid routes and perhaps low priority for any unsigned routes.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.