Now let's have a look at some of the status. The slide up now shows the status of RPKI servers. This is taken from SEACOM's Looking Glass in Johannesburg. You can see from the slide that it shows the number of prefixes, the number of connection attempts, failures, and the general status of the connection that this router has with the validator. A second example on the slide, also checking the server, shows an R&E network in Bhutan. This is on a Junos router. Again it shows the validation status, with the router talking with the validator cache.

Let's have a look at the RPKI table. At the time of recording, the v4 RPKI table has 84,000 network entries and 91,000 record entries, and we're using a total of about nine megabytes of memory. If you look at the actual table itself, you see all the signed prefixes, the subnet size and the max length, in other words the smallest subnet that you would expect to see, and this is the smallest subnet that the ROA covers. It also lists the origin AS, and the neighbor referred to in the slide is the validator cache that this entry was received from.

Let's look at the IPv6 one. For the IPv6 one we see about 14,000 network entries and almost 16,000 record entries, using about two megabytes of memory. And again you see the v6 prefix entry, the subnet sizes, the origin AS and again the validator cache these were seen on. Check the prefixes: you see some look quite interesting, including one prefix on the slide there which is a /32 with max length 128. From earlier you will be aware that this means any subnet of that /32, all the way down to /128, will be considered valid if originated by AS 7521.

And then we look at the BGP table. This is a Cisco IOS output, again courtesy of SEACOM, and you see in the left-hand column the Ns, the Vs and the Is, representing the not founds, the valids and the invalids. Notice the invalids shown on the screen: the invalids there have no right arrow beside them, or greater-than sign beside them. This is because Cisco IOS automatically drops invalids without operator intervention or without operator policy. So the prefixes are marked there; they are invalid because the originating autonomous system is incorrect. Do the same for v6, and again we see examples of not found, examples of valid and examples of invalid.

Let's look at some of the examples in detail. Look at the one showing RPKI state valid. Here I've got a BGP routing table entry for a v6 /32, and if you look in the IOS output you see RPKI state valid highlighted in red. If you look at the next one, we see a BGP routing table entry for this /48. The router indicates that there's no best path; as I mentioned before, Cisco IOS automatically drops invalids, and you see the comment there in the output, RPKI state invalid. And the final example is of not found: there's no ROA existing for this /32, and the router indicates this by saying RPKI state not found.
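Added example, not part of the lecture or of any router's code: a minimal Python sketch of the origin validation decision (as specified in RFC 6811) that produces the valid, invalid and not found states shown in the outputs above. The table entries are constructed samples using documentation prefixes; only the /32 with max length 128 for AS 7521 mirrors the case mentioned in the talk, and its prefix is a placeholder.

```python
import ipaddress

# Constructed sample table: (prefix, max length, origin AS).
# The real prefix from the slide is not in the transcript, so a
# documentation prefix stands in for the /32 max-length-128 entry.
VRPS = [
    ("2001:db8::/32", 128, 7521),
    ("192.0.2.0/24", 24, 64500),
]

def validate(route_prefix, origin_as, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not found' for one BGP route."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # An entry covers the route when the route sits inside its prefix.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # Valid needs a matching origin AS and a length within max length.
        # AS 0 entries never match (RFC 6811).
        if vrp_as != 0 and vrp_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one entry but matched by none: invalid.
    return "invalid" if covered else "not found"

def loose_entries(vrps=VRPS, slack=8):
    """List entries whose max length exceeds the prefix length by more
    than `slack` bits (hypothetical threshold), for operator review."""
    return [(p, m, a) for p, m, a in vrps
            if m - ipaddress.ip_network(p).prefixlen > slack]

if __name__ == "__main__":
    for pfx, asn in [("2001:db8:1:2::/64", 7521), ("2001:db8:ffff::/48", 64501),
                     ("192.0.2.0/25", 64500), ("198.51.100.0/24", 64500)]:
        print(pfx, asn, validate(pfx, asn))
    print(loose_entries())
```
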
© Produced by Philip Smith and the Network Startup Resource Center, through the University of Oregon.
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)