Page 1 of 1

RPKI

Posted: Fri Jan 31, 2014 10:33 am
by asturmas
Someone'm already use RPKI in CCR? How to do it? http://www.ripe.net/lir-services/resour ... tification

For example ripe only have configuration for cisco and juniper http://www.ripe.net/lir-services/resour ... figuration

Re: RPKI

Posted: Sun Feb 09, 2014 12:53 pm
by asturmas
Any help?

Re: RPKI

Posted: Tue Jul 08, 2014 2:36 pm
by JanZorz
I'm eagerly waiting for Mikrotik to deploy RPKI route origin validation. Currently I'm doing it on ASR1k router but would gladly move this function to CCR1036 as it seems to be powerfull enough to take care of this stuff. Mikrotik staff, any information when can we expect RPKI in RouterOS?

Cheers, Jan Zorz

Re: RPKI

Posted: Tue Jul 08, 2014 2:39 pm
by mrz
We have plans for RPKI in RouteroS v7

Re: RPKI

Posted: Tue Jul 08, 2014 5:40 pm
by JanZorz
Thank you very much for this information. Any idea when ROS 7 will be available for testing? I'm willing to test RPKI for you (IPv6 and IPv4 routes) if you send me the code as soon as it's available ;)

Cheers, Jan Zorz

Re: RPKI

Posted: Tue Jul 08, 2014 7:16 pm
by rextended
First wait the fix of all bug on ROS 6.x or you have 7.x full of bug...

Re: RPKI

Posted: Sat Jul 12, 2014 3:32 am
by asturmas
Any ETA for ROS 7?

Re: RPKI

Posted: Fri Jun 10, 2016 4:38 am
by asturmas
Two years later... Still no plans to RPKI or Router OS 7?

Re: RPKI

Posted: Tue May 02, 2017 4:00 pm
by Hammy
Still waiting...

Re: RPKI

Posted: Wed May 03, 2017 5:18 am
by nz_monkey
Still waiting on the long over due RouterOS v7

:(

Re: RPKI

Posted: Fri May 19, 2017 1:49 pm
by helectro
+1 me too still

Re: RPKI

Posted: Fri Aug 04, 2017 12:22 am
by JimmyNyholm
+1 Any day now....

Re: RPKI

Posted: Wed Nov 08, 2017 4:38 pm
by kcdyer
RPKI would be great right about now...

Re: RPKI

Posted: Tue Sep 18, 2018 8:53 am
by watigre
novedades sobre ros 7 con rpki?

Re: RPKI

Posted: Tue Oct 02, 2018 1:56 pm
by ab130kd
ANY SOLUTION FOR ??? https://www.ripe.net/manage-ips-and-asn ... figuration
RIPE need certification....

Re: RPKI

Posted: Tue Oct 02, 2018 8:48 pm
by chubbs596
RPKI is becoming a requirement more and more,

When can we expect this?

Re: RPKI

Posted: Thu Oct 11, 2018 7:45 pm
by schadom
+1

We have plans for RPKI in RouteroS v7
MT might consider backporting RPKI from ROSv7 to 6.x :-)

Re: RPKI

Posted: Fri Oct 19, 2018 10:02 pm
by Hammy
Some Internet Exchanges are going to start requiring RPKI validation to participate in 2019.

MIKROTIK NEEDS TO RELEASE A RELIABLE RPKI IMPLEMENTATION BY THE END OF THE YEAR!

Re: RPKI

Posted: Fri Oct 19, 2018 10:38 pm
by patrick7
dream on :lol:

Re: RPKI

Posted: Sat Oct 20, 2018 3:16 pm
by mutinsa
+1.

Re: RPKI

Posted: Mon Oct 22, 2018 4:19 pm
by schadom
Some Internet Exchanges are going to start requiring RPKI validation to participate in 2019.

MIKROTIK NEEDS TO RELEASE A RELIABLE RPKI IMPLEMENTATION BY THE END OF THE YEAR!

Yes, SwissIX for example.

MT please really consider to implement RPKI in ROS. Most other vendors already have it and the trend is clearly going in that direction. ROS would need to be able to query an external RPKI server (like https://github.com/RIPE-NCC/rpki-validator-3) and allow for filtering (ROA valid, invalid, not-found) via route filters.

Re: RPKI

Posted: Tue Oct 23, 2018 6:38 pm
by kcdyer
Yes, SwissIX for example.
YYCIX in Calgary AB, Canada is starting to implement as well.
https://yycix.ca/communities.html

I'm sure it's just a matter of time before we cannot even peer in the in exchange without it.

Re: RPKI

Posted: Wed Oct 31, 2018 9:07 pm
by schadom
I'm sure it's just a matter of time before we cannot even peer in the in exchange without it.
If you have valid ROAs for all your routes, no need to worry with IXPs or routeservers for now, although ultimately we also need to increase ROV adoption among networks, therefore we need routing software like ROS to support it!

Re: RPKI

Posted: Thu Nov 01, 2018 7:19 am
by chubbs596
+10000 for RPKI

Re: RPKI

Posted: Mon Dec 17, 2018 11:54 pm
by netravnen
We have plans for RPKI in RouteroS v7
Any chance one can be a test pilot along-side Jan Z. on this one? Alpha testing ROS 7?

2014 was around first time RPKI was asked about. Not we hit 2018.... Still ways to go for ROS 7 being available with RPKI and Large BGP Communities support (I assume?).

Re: RPKI

Posted: Wed Jun 26, 2019 8:06 am
by coelliale
2019 up up up

Re: RPKI

Posted: Wed Jun 26, 2019 9:59 am
by mmc
rpki is an urgent must - and because it's a long path from beta to stable production (which is necessary for bgp), we need the beta asap...

rpki would have prevented this worldwide issue:
https://blog.cloudflare.com/how-verizon ... ine-today/

Re: RPKI

Posted: Fri Jun 28, 2019 3:21 pm
by mutinsa
up
+1.

Re: RPKI

Posted: Fri Jun 28, 2019 7:57 pm
by helectro
+1 again

Re: RPKI

Posted: Sat Jun 29, 2019 8:05 am
by TigerHuang
+1 push it

Re: RPKI

Posted: Sat Jun 29, 2019 5:48 pm
by netravnen
Thank you very much for this information. Any idea when ROS 7 will be available for testing? I'm willing to test RPKI for you (IPv6 and IPv4 routes) if you send me the code as soon as it's available ;)
I agree with J.Z. here. If you are willing to accept select community members into an Alpha stage ROSv7 testing program.

Re: RPKI

Posted: Sat Jun 29, 2019 5:58 pm
by netravnen
Yes, SwissIX for example.
YYCIX in Calgary AB, Canada is starting to implement as well.
https://yycix.ca/communities.html

I'm sure it's just a matter of time before we cannot even peer in the in exchange without it.

Validity state Standard Extended Large
Prefix is included in client's AS-SET None None 53339:11:1
Prefix is NOT included in client's AS-SET None None 53339:11:2
Origin ASN is included in client's AS-SET None None 53339:11:3
Origin ASN is NOT included in client's AS-SET None None 53339:11:4
Prefix matched by a RPKI ROA for the authorized origin ASN None None 53339:11:5
Prefix matched by an entry of the ARIN Whois DB dump None None 53339:11:6

Hurts a bit you cannot do indirect discard of RPKI invalid routes there based upon the only current supported standard/extended bgp communities in ROSv6. :| When they only have deployed the functionality with bgp large communities at YYCIX.