
Recently, the Japan Network Information Center (JPNIC) released a set of guidelines aimed at mitigating unauthorized routing incidents on the Internet using RPKI Route Origin Authorizations (ROAs). These guidelines provide technical and operational recommendations to enhance the security and reliability of Internet routing, particularly for ISPs and network operators.
The objective of these guidelines is to promote the adoption of RPKI-based security measures. Targeting a broad audience that includes both managerial and engineering professionals in the ISP and network operations sectors, the document offers a structured approach to implementing and maintaining RPKI.
Developed with input from the Japanese Network Operators Group (JANOG), research from the Ministry of Internal Affairs and Communications' cybersecurity initiatives, and expert consultations, the guidelines offer practical insights based on real-world deployment experiences.
Who are the guidelines for?
The guidelines provide a structured approach to RPKI implementation, covering both organizational and technical aspects. They explain the business risks associated with unauthorized routes and highlight the importance of adopting RPKI to mitigate these threats. By understanding these risks, decision-makers can justify investment in RPKI and align their security strategies with industry best practices.
For network operators, the guidelines offer step-by-step instructions on creating ROAs and deploying Route Origin Validation (ROV). These technical measures ensure that only legitimate route announcements are propagated, reducing the risk of route hijacking and improving overall network security.
The guidelines also outline role-based measures for different types of network operators. IP holders are required to create ROAs and maintain consistency between their ROA records and routing information to prevent discrepancies. Autonomous System (AS) operators are encouraged to implement ROV to filter out invalid routes, strengthening the security of the global routing system.
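Both roles rest on the same origin validation check, defined in RFC 6811. The sketch below is an added example, not taken from the JPNIC guidelines or their router configurations; the ROA data, announcements and function names are constructed, using documentation prefixes and AS numbers.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin AS).
# Documentation prefixes and ASNs only; none of this comes from the guidelines.
VRPS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/24", 25, 64498),
    ("2001:db8::/32", 32, 64497),
]

# Constructed BGP announcements: (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64496),       # matches its ROA
    ("192.0.2.0/24", 64511),       # covered, wrong origin AS
    ("198.51.100.128/25", 64498),  # more specific, within maxLength
    ("2001:db8:1::/48", 64497),    # right origin, longer than maxLength
    ("203.0.113.0/24", 64499),     # no covering ROA
]


def validate(prefix, origin_as, vrps=VRPS):
    """Return 'valid', 'invalid' or 'not-found' per RFC 6811."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        net = ipaddress.ip_network(vrp_prefix)
        if net.version != route.version or not route.subnet_of(net):
            continue  # this VRP does not cover the route
        covered = True
        # AS 0 in a ROA means "never to be routed", so it can never match.
        if asn != 0 and asn == origin_as and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"


def rov_filter(routes, vrps=VRPS):
    """AS-operator view: drop invalid routes, keep valid and not-found."""
    return [r for r in routes if validate(*r, vrps) != "invalid"]


def roa_mismatches(own_routes, vrps=VRPS):
    """IP-holder view: own announcements that ROV would not mark valid."""
    return [(r, validate(*r, vrps)) for r in own_routes
            if validate(*r, vrps) != "valid"]


if __name__ == "__main__":
    for r in ROUTES:
        print(r, validate(*r))
```

The `/48` case is the discrepancy an IP holder most easily overlooks: the origin AS is correct, but the announcement is more specific than the ROA's maxLength allows, so networks running ROV treat it as invalid.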
The guidelines include real-world configuration examples for routers and outline security measures for BGP beyond RPKI, ensuring that operators have practical resources to facilitate implementation.
Staying updated
Version 1 of the guidelines is available now in Japanese (translatable) in web and PDF formats and is supplemented with practical configuration examples for ROV deployment on routers:
- 'Guidelines for measures against unauthorized routes on the Internet using RPKI ROA' (web)
- 'Guidelines for Countermeasures against Illegal Routes on the Internet Using RPKI ROA Version 1.0' (PDF)
- 'Example of ROV configuration' (web)
JPNIC plans to update the guidelines regularly in collaboration with experts to incorporate evolving best practices and emerging threats. It has also developed an online tool, rov-check, which allows network operators to verify whether their networks are effectively protected by ROV.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC.