RPKI at the MyIX Route Servers

MyIX deployed RPKI (2020) at the MyIX Route Servers in order to increase the security of the Internet routing system and support the adoption of RPKI. The adoption was essential to Internet security, and the benefits were visible from day one for all peers and their customers.

 

What is RPKI?

Resource Public Key Infrastructure (RPKI) was well explained by APNIC here.

 

To create ROAs, you can follow the steps in the attached file.

Please download here.

 

How can I check my route's validation status after you have deployed RPKI ?

You can see the RPKI validation status in the MyIX Looking Glass.

 

Search for your prefixes in the Looking Glass indicating the validation status:

BGP Community String

RPKI Status

55822:65021

VALID: ROA valid for prefix, origin AS number, prefix and prefix length

55822:65022

UNKNOWN: ROA UNKNOWN for the prefix, MyIX route server will accept the prefix and distribute to the peer, as long as it is matching all the prefix-filter in the route server. (55822:65022)

55822:65023

INVALID: ROA INVALID prefix, origin AS number or prefix length does not match. MyIX Route Servers will not reject these prefixes until further the ROA filtering, for now, it would just do a tagging

 

Ideally all the routes should have validation status as 55822:65021

If you have any questions, please do not hesitate to contact us.