Project

MF RPKI Project

What is RPKI?

RPKI (Resource Public Key Infrastructure) is an authentication infrastructure that verifies who the legitimate owner of resources such as IP addresses and AS numbers is. Even if your prefix is hijacked by someone, RPKI enables other Internet participants to verify to whom that prefix really belongs and to reject the forged one. The RPKI system is operated by each Regional Internet Registry. In the Asia-Pacific region, APNIC has been running it officially, and JPNIC has been running it on a trial basis in Japan since 2013.

Necessity

On October 1st, 2014, Internet Multifeed Co. (MF) launched a ROA cache server.

The demand for route validation in BGP is growing. BGP routes can be easily hijacked, and misconfiguration or a malicious attack may prevent users from reaching the correct destination. We see many incidents in which unauthorized route advertisements (such as the "YouTube incident" in 2008) have a negative influence on the Internet.

In cooperation with JPNIC and some of the major router vendors, we have been testing ROA cache servers and router implementations and giving feedback to the community about RPKI technologies since 2012, in order to improve the reliability of Internet routing.

We will continue to contribute to the enhancement of the Internet by supporting the evolution of RPKI technology.

What is ROA?

ROA (Route Origin Authorization) is the data that proves the correct combination of IP addresses and AS numbers in BGP messages. At this time, the public ROA cache information we provide is the ROA information that MF makes public. A ROA can describe multiple prefixes, and it enables routers to validate whether a BGP route announced from the Internet is truly correct or not. A ROA also has the concept of "maxlen" (maximum prefix length). In addition to the prefix and origin AS, maxlen specifies the longest prefix length that is allowed. As a result, a single ROA can also cover longer prefixes.

What is BGP Origin Validation?

BGP Origin Validation is the process of validating the origin AS information when a BGP router receives prefixes.
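
The check that a ROA's prefix, maxlen and origin AS make possible, written out as an added example (it is not MF's code or any router vendor's implementation). The result names valid / invalid / not-found follow RFC 6811; the function names are hypothetical, and the prefixes and AS numbers are constructed from documentation ranges.

```python
import ipaddress

def vrp(prefix, maxlen, asn):
    """One ROA entry as the router sees it: (prefix, maxlen, origin AS)."""
    return (ipaddress.ip_network(prefix), maxlen, asn)

# Constructed sample data (documentation prefixes and AS numbers only).
VRPS = [
    vrp("192.0.2.0/24", 24, 64496),     # maxlen == prefix length: no longer prefixes
    vrp("198.51.100.0/24", 26, 64497),  # longer prefixes allowed up to /26
    vrp("2001:db8::/32", 48, 64498),    # IPv6, longer prefixes allowed up to /48
]

def validate_origin(route_prefix, origin_asn, vrps=VRPS):
    """Classify a received BGP route against the ROA entries.

    valid     - a covering entry matches the origin AS and the route's
                prefix length does not exceed that entry's maxlen
    invalid   - at least one entry covers the route, but none matches
    not-found - no entry covers the route at all
    """
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for net, maxlen, asn in vrps:
        # An entry "covers" the route when the route sits inside its prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        if asn == origin_asn and route.prefixlen <= maxlen:
            return "valid"
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    samples = [
        ("192.0.2.0/24", 64496),      # exact match
        ("192.0.2.128/25", 64496),    # right origin, longer than maxlen
        ("192.0.2.0/24", 64511),      # covered prefix, wrong origin AS
        ("198.51.100.64/26", 64497),  # longer prefix, within maxlen
        ("203.0.113.0/24", 64496),    # no ROA covers this prefix
        ("2001:db8:1::/48", 64498),   # IPv6, within maxlen
    ]
    for prefix, asn in samples:
        print(f"{prefix:20} AS{asn}  {validate_origin(prefix, asn)}")
```

A route that is covered by a ROA but announced with a longer prefix than maxlen is invalid even when the origin AS is correct, which is why maxlen should be no longer than the prefixes actually announced.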

What is RPKI-RTR?

RPKI-RTR (RPKI-to-Router) is a protocol for transferring part of the ROA information provided by the RPKI system to routers. It is defined in RFC 6810. This protocol lets routers obtain the information necessary for BGP Origin Validation.