Major Advances in Internet Resource Certification
29/06/2011
RPKI, the Internet resource certification program, made great progress during LACNIC XV. This program, deployed in January 2011, responds to the need for greater Internet stability and security. RPKI will allow organizations holding Internet resources to generate certificates that prove their right to use IPv4 and IPv6 addresses assigned within the region, a significant improvement to the address routing process.
During LACNIC XV the complex RPKI technology was analyzed from various points of view, including presentations, hands-on workshops, and a panel of experts who debated the present and future of routing system security, which currently includes RPKI as its main focus and a future with BGPsec.
The strategy adopted for the occasion focused mainly on LACNIC member representatives and included a tutorial where the key aspects and main components of the technology were presented. Within this framework, practical sessions were held where participants were able to configure their certificates and ROAs and interact with LACNIC’s RPKI system. During other RPKI architecture components such as validators and cache servers were configured and RPKI/origin validation was implemented on routing hardware. This hands-on workshop allowed participants to gain in-depth knowledge of RPKI, how it works, its uses, and the problems it can solve.
These RPKI related activities were reinforced at the LACSEC event with a mid-level presentation focused on explaining RPKI and its architecture in a more technical language and based on more advanced examples.
Finally, the Public Policy Forum included a panel made up by LACNIC’s technical staff and software developers, equipment manufacturers (Cisco and Juniper), network operators (Hurricane Electric), and security researchers (BBN Technologies) who were invited to present their experiences with RPKI.
Together with those held during LACNIC XIII and XIV, the activities described above served to generate interest at a time of when the system is reaching great maturity. For this is was essential to move from an abstract concept (RPKI with no system, no routers, no practical cases) to the examples and cases presented at LACNIC XV.
Arturo Servín highlighted the fact that a “significant percentage” of organizations had understood the importance RPKI. “The hands-on session, the hijacking example we presented during LACSEC, and Hurricane Electric’s presentation mentioning the importance of RPKI from a network operator’s point of view and how it can begin to be implemented even if routers don’t currently support origin validation were very useful”, said LACNIC’s Technical Manager.
A lot to be done. LACNIC’s Technical Manager admitted that the concept of RPKI is a complex one and, as any other security technology, it generates doubts and concerns. “This is why we must work even harder on spreading the word about RPKI”, he stressed.
He highlighted the fact that during LACNIC XV many participants were able to understand the concept and usefulness of RPKI in the short to medium term. “They saw the importance of breaking the vicious circle and certifying their resources and were also motivated by their trust in LACNIC as an organization,” added Mr. Servín.
“Those few days were enough to make LACNIC the second RIR in terms of number of certified routes. This fact is very significant. We are the fourth registry (RIR) in terms of size and therefore our available resources are not the same as those of registries. However, having achieved the second place in terms of the percentage of assigned resources fills us with pride. We believe this shows that we are on the right track and can turn RPKI into a successful technology that will benefit the Internet,” he concluded.