What is RPKI?

Resource Public Key Infrastructure, abbreviated as RPKI is security layer that provides security for Internet’s BGP routing infrastructure. It is also known as Resource Certification and is based on public key infrastructure (PKI) framework. It provides additional security and reliability to BGP.

In this article, we will discuss a special case in which:

“Customer is receiving full internet routing table from both the ISP 1 and 2 and running ibgp between the routers R1 and R2.” 

Problem Statement: When rpki on the router most of the routes status is not found as per rpki server and rpki status is not found for external route but iBGP route status for rpki is valid which should not happen.

Before enabling RPKI:

After enabling RPKI:

Due to this, the customer device starts to prefer iBGP routes instead of eBGP routes causing sub optimal routing in the network.

Internally and locally sourced paths aren’t subject to validation.  The assumption is that you trust your own equipment. You can use the ‘neighbor x.x.x.x announce rpki state’ config to ensure that your routers communicate validation status to each other.

Continue Reading:

iBGP vs eBGP – Know the difference between iBGP & eBGP

Sample configuration for eBGP and iBGP

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)