[lacnog] Your Input Needed: Can ROA Replace LOA? – Short Survey (7 mins)

Tomas Lynch tomas.lynch en gmail.com
Mar Nov 28 13:44:05 -03 2023


I'm surprised by the amount of big companies still using LOAs when you have
ROAs and IRRs. LOAs were fine in 1997 when there were 10 prefixes but not
now when advertising prefixes is so dynamic.

When I select a transit provider the first question I ask is how they
manage BGP filters. If they say "you need to send us an LOA" I completely
discard that provider, no matter the price. For me telling somebody to send
a prefix LOA is to tell: "we live in the 1950s so once we receive your LOA,
we are going to wait 10 years for the politburo approval and then we are
going to translate your prefixes to cuneiform and add them by hand to your
prefix list, yes, there could be errors and you will need to send a new
LOA".

Adding RPKI checks to your peering filters is very easy, also adding prefix
lists based on IRRs is easy. Then you are going to have more time to spend
on other activities.


On Mon, Nov 27, 2023 at 9:25 AM Carlos Martinez - Cagnazzo vía LACNOG <
lacnog en lacnic.net> wrote:

> Hi Chris,
>
>
> Thank you for reaching out regarding this research. I believe it's a topic
> very much worth discussing as IMO LOAs are always a disaster waiting to
> happen.
>
>
> I encourage members who find this issue relevant to to fill the survey and
> to bring further discussion to the list.
>
>
> @Chris, on the other hand I encourage you to produce a Spanish and a
> Portuguese version of the survey as language may be a significant barrier
> preventing you from getting more feedback.
>
>
> Warm regards,
>
>
> /Carlos
>
>
> On 11/27/23 1:04 AM, Christopher Hawker wrote:
>
> Hello everyone,
>
> Aftab Siddiqui is currently exploring the possibility of using Route
> Object Authorisations (ROAs) as a potential replacement to LOAs. Separate
> to this (and unknowing of Aftab's research), I had started a discussion on
> the RPKI Community guild on Discord (https://discord.gg/9jYcqpbdRE)
> discussing the usage of ROAs instead of LOAs.
>
> An LOA, or "Letter of Authority" / "Letter of Authorization," is a formal
> document granting permission for third parties to take specific actions
> regarding network resources or services. In the service provider industry,
> its primary use is for advertising address resources (IPv4/v6 and ASN).
> When an organization intends to announce its IP prefixes through its own or
> a transit provider's ASN to the global internet, it typically needs to
> provide an LOA to their transit provider, confirming their custodianship or
> ownership of the resources.
>
> RPKI ROA, stands for "Resource Public Key Infrastructure Route Origin
> Authorization," is part of a security framework designed to validate the
> authenticity of internet routing information. It involves a digitally
> signed object that specifies which Autonomous Systems (ASes) are permitted
> to announce specific IP address prefixes.
>
> Could you please take a moment to fill out our brief survey? Your feedback
> will play a crucial role in our understanding of this topic.
>
> Survey Link: https://www.surveymonkey.com/r/JCHLWBB
>
> Thanks,
> Christopher Hawker
>
> _______________________________________________
> LACNOG mailing listLACNOG en lacnic.nethttps://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20231128/bf8170c0/attachment.htm>


Más información sobre la lista de distribución LACNOG