Internet2

close
Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Your organization not listed? Create a local account to use Internet2 services.

Create SiteID

News

Call for Participation: Resource Public Key Infrastructure Pilot Program

Posted on Jan 23, 2017 by Sara Aly
Tags: Advanced Network Services

Internet2 and the George Washington University’s Capital Area Advanced Research and Education Network (CAAREN) encourage members to participate in a pilot program to improve the security and resiliency of the global internet routing infrastructure.

by Andrew Gallo (George Washington University) and Karl Newell (Internet2)

Internet2 and the George Washington University’s Capital Area Advanced Research and Education Network (CAAREN) announce the start of a pilot program to improve the security and resiliency of the global internet routing infrastructure. The Resource Public Key Infrastructure (RPKI) addresses a critical shortcoming in internet routing; namely, the ability to verify that an organization has the authority to claim a specific block of IP addresses for its network identity.

Given the internet’s complex network infrastructure, it is a common practice for network operators to use the Border Gateway Protocol (BGP) to share routing and topology data. BGP has been a successful, long lived, and stable protocol, but like much in the early days of the internet, it continues to rely primarily on trust.  

RPKI mirrors the IP address assignment hierarchy with a chain of certificates that can be collected and verified to ensure that the proper organization is advertising a specific block of IPv4 or IPv6 addresses. CAAREN was an early RPKI adopter, creating route origin authorizations (ROAs) in 2014.

Adoption of RPKI, especially in North America, remains low, leaving organizations at risk of intentional or accidental route hijacking. A well-known route hijack occurred in 2008 when Pakistan Telecom announced the routes for Youtube, which resulted in Youtube becoming unavailable worldwide.

Internet access is critical to Internet2 members, and currently there is risk of disruption in the event of a route hijacking. RPKI is an important step to add authoritative and cryptographically secure methods of verification to the global internet route infrastructure. 

Implementing an RPKI program is neither expensive nor difficult. RPKI benefits from the “network effect,” where more participation makes the system more valuable. CAAREN felt that is was important to lead by example and begin an RPKI program.  

We encourage Internet2 members to support and participate in a pilot deployment of RPKI. The goal of the project is to gather information about the initial deployment and ongoing operation. This information will be used to develop deployment and operational best practices for all members. 

For more information about the RPKI pilot program, please see our Frequently Asked Questions, or email rpki-questions@internet2.edu. To learn more about RPKI, read Andrew Gallo’s article in the EDUCAUSE Review.