RPKI and BGP: our path to securing Internet Routing
Cloudflare has started deploying active filtering using RPKI (Resource Public Key Infrastructure) for routing decisions and signing its routes, aiming to protect users from route hijacks and misconfigurations. The company is also encouraging adoption of Route Origin Validation on the Internet by providing this service to everyone for free. Cloudflare's approach involves signing prefixes through regional internet registries (RIR) portals or APIs, validating certificates, distributing RPKI cache securely via its own content delivery network, and using a lightweight local RTR server. The company is also working on providing a public RTR server using its Spectrum service.
Company
Cloudflare
Date published
Sept. 19, 2018
Author(s)
Jérôme Fleury, Louis Poinsignon
Word count
1595
Hacker News points
None found.
Language
English