Nibbles & Bits

RPKI Client Project Update

by | June 19, 2020

rpki-client
Last summer, we announced the release of the long-awaited rpki-client project that we helped fund in a joint sponsorship with NetNod, IIS.SE, and SUNET. 

Specifically, rpki-client is an implementation that covers the client side of RPKI (Resource Public Key Infrastructure), which is responsible for downloading and validating route origin statements. The project culminated in usable software that since then has been freely available under an open-source license for anyone who would like to make use of it.

Now, a year later, we’re pleased to report that some important updates have recently been made to the RPKI client library! But first, some background information.

The Importance of RPKI

As Job Snijders of the OpenBSD Project put it, “large-scale robust RPKI-based Origin Validation contributes to a more secure and reliable Internet.” Indeed, using RPKI, the legitimate holders of number resources can control the operation of Internet routing protocols to prevent route hijacking and routing misconfigurations.

The American Registry for Internet Numbers (ARIN), in particular, has taken a leading role in promoting the use of RPKI – and support for its widespread implementation has only grown of late, as other global players undertake efforts to increase RPKI usage and help secure the Internet’s routing infrastructure.

(One of the most recent positive developments includes Latvian network equipment manufacturer MikroTik “dipping its toes” into RPKI Origin Validation, which will have “profound consequences for the regions that heavily rely on MikroTik to connect to the global Internet routing system,” notes Snijders.)

To that end, it’s crucial to have more RPKI validators available for general use among network operators – and we’re pleased to have been able to assist in bringing one to fruition! More technical information about the rpki-client project’s origin and architecture can be found in our previous announcement post here.

The Latest News

During NANOG 79 earlier this month, an update on ARIN’s new Internet Routing Registry was presented by President and CEO John Curran. He spent some time detailing the RPKI functionality that has been added to the RPKI client library by ARIN in the last six months as well, namely the following:

  • Repository generation changed to run every 5 minutes
  • Added RPKI Repository Delta Protocol (RRDP) support as an alternative to rsync for repository retrieval
  • Changed the default validity period of a Route Origin Authorization (ROA) to 825 days
  • Delegated RPKI server updated to support RFC 8083 Up/Down protocol (with much time spent testing various delegated software implementations to ensure interoperability)
  • Added the capability to list and delete ROAs in ARIN’s Registration RESTful Service (Reg-RWS)

A few other upgrades and enhancements are also on the way, as Curran outlined in his presentation here.

For us at 6connect, it has been gratifying to see such advancements being made in the RPKI ecosystem – and we’re proud to have played a role in promoting Internet routing security for the benefit of the entire online community. Onward and upward!

“We decided to move our rather complex IP address and DHCP management process to ProVision and it has worked out great for us!! The team at 6connect were very flexible and went above and beyond to accommodate our requirements and helped to make the migration as smooth and hitch free as possible. Kudos to the team @ 6connect!”

Premkumar Subramaniam
Head of R&D
viewquest

“We are excited to be partnering with 6connect to leverage their technology and talent. We particularly admire their long-standing IPv6 contributions and their ability to service and support customers in this area, some who are the largest service provider in the world. The 6connect executive leadership team and technical team are great to work with and we look forward to many partnered projects to help customers address their Cloud, IoT and Security needs with IPv6. Automation, workflow and orchestration are critical to the success of most of these projects and 6connect is well positioned to help our mutual customers in those areas.”

Ed Horley
Co-Founder & CEO
HexaBulid

“Enterprises can struggle managing purposefully segmented DDI architectures with any agility. Our partnership with 6connect empowers customers with complex infrastructures to move faster to service the business while consolidating visibility and control over their estate.”

Andrew Wertkin
Chief Strategy Officer,
BlueCat

“6connect’s approach to automation addresses quite a few challenges with physical and virtual networks – how to improve the agility of your current network infrastructure without sacrificing reliability and adoption of future network technologies.”

Pär Lange
Investment Director
SwissCom

“A customer is looking for an integrated solution from a single vendor for both IPAM and DNS. Through the 6connect reseller program, Secure64 is able to offer the most secure DNS solutions married to a unique combination of IPAM and resource provisioning that customers want. It’s a marriage made in heaven.”

Mark Beckett
VP of Marketing
Secure64

“A huge benefit of working with the 6connect team is that they devoted a lot of resources to get our products integrated so we had the turnkey solution that we could take to market. It was very easy to work with their team to get product integrated and successfully launched.”

Mark Beckett
VP of Marketing
Secure64

You have IPv6!

You’re on IPv4.

Explore ProVision Suite

Resource Controller

DNS/DNSSEC

IPAM

DHCP Controller

Peering Controller

REST API

Talk to one of our Engineers

6connect