So let's summarize what we've covered so far in this series. All AS operators must consider deploying signing ROAs so doing that through the registry interface and dropping invalids. You can actually test today if your network is doing both maybe your upstream provider is claiming to support route origin validation and have the raw sign RIPE NCC have a very useful test URL shown on the screen we can actually check if your network or your address space or the network address space you're using has the raw signed and that the network is dropping invalids our PGI deployment is an important step to securing the routing system it doesn't secure the path but that's the next important hurdle to cross with origin validation the opportunities for malicious or accidental miss origination disappear internet labs are very interesting and useful frequently asked questions on the website as shown in the URL on the screen let's have a look at some of the current certification status so these were taken when this recording was made and it shows the current stats ripe ncc from this web page the certification stats type net and it shows the status in other words the number of rows created by the holders of a certificate at each of the five registry regions if we look at general stats per registry region we again see for each of the five registries how many rows have been created harmony are related to ipv4 prefixes or how many ipv4 prefixes are affected and how many ipv6 prefixes are affected right now the ripe NCC region is while out in front but a panic and their own regions are also seeing a large amount of uptick some other useful URLs are shown on the screen about rpki deployment status NIST keeps a track of deployment status for research purposes there's the RIPE NCC statistics page I mentioned earlier an APNIC R&D have raw status via the RIPE NCC validator which is running at APNIDs R&D site and you can have a look at that for the current status of all the rows if you haven't gotten ready access to a router and the validation table on there so our summary is to deploy rpki it is in the Internet's best interest with why deployment of rpki it becomes possible to only allow validated prefix announcements into the internet routing system this will prevent miss originations, it will prevent prefix hijack and makes the internet infrastructure more reliable and more stable and this will allow the next step to make an attempt to validate the AS-Path.
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
This is a human-readable summary of (and not a substitute for) the license. Disclaimer. You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. NonCommercial — You may not use the material for commercial purposes. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.