There are many discussions going on about Resource Certification or Resource Public Key Infrastructure (RPKI) and it’s one of the models for Securing Internet Routing. RPKI, the SIDR model has multiple components and deployment phases but for successful RPKI implementation, creating a Route Origin Authorization (ROA) is the first step. A ROA is a cryptographically signed object that states which Autonomous System (AS) is authorized to originate a certain prefix(es).
So far in this region (Asia Pacific), the RPKI adoption rate is not impressive. The community has been very slow in understanding the necessity of Internet routing security and how it impacts the global Internet.
This year APNIC started the “Ready to ROA” campaign which has had a significant impact on the growth in RPKI adoption in this region. From bdNOG (Bangladesh Network Operators Group) we are also part of the campaign.
At our recent bdNOG events (bdNOG2 & bdNOG3) we have tried to make the community understand the necessity of Internet routing security and how they can be part of it. We encourage them to create ROA objects. We simulate the whole process; starting from ROA object creation, configuring RPKI validator server and showing how all the components work.
After few successful events, we have seen a very good growth in RPKI adoption rate in Bangladesh. As of June 2015 the RPKI adoption rate in BD was 24.63% with 99.48% accuracy.
RPKI Adoption in Bangladesh (Source)
Resource Certification (RPKI) needs to be community-driven. As Cengiz Alaettinoglu, in his recent post stated: “some of these challenges cannot be addressed using technology alone and need economic and social engineering as well”. I think the success of RPKI and secure Internet routing is heavily dependent on how thick and fast the community the gets the message and understands the importance. For that local and regional NOGs (Network Operators Groups) can play a vital role.
Fakrul (Pappu) Alam is the Chief Technology Officer at bdHUB. Fakrul is also a founding member of bdCERT (Bangladesh Computer Emergency Response Team) and bdNOG (Bangladesh Network Operators Group). This article was originally published on LinkedIn. You can follow him on Twitter at @rapappu.
Editor’s note: Fakrul discussed RPKI in Bangladesh earlier this year at APRICOT 2015 too – he explains more in the video below.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
I think the adoption rate is very much impressive. Clearly bdNOG is creating some good effect on the network operators. Thanks to Pappu vai ( Fakrul ) and APNIC to encourage operators about the importance of RPKI.
Nepal should follow this and re-igninte the RPKI moment using NPNOG and NPIX platform