Rpki

In the early phase of Russia - Ukraine war, Ukraine made a strange request to ICANN. They asked ICANN to remove .ru (Russian ccTLD) from the root DNS servers, revoke SSL certs for .ru and shut down root DNS servers hosted in Russia.

Here are the three requests they made:

Complete letter is here (and original source is here). This is going to be one of few notable cases where critical internet infrastructure is being weaponised. ICANN declined the request for good. Due to my limited understanding of Russia, Ukraine, US, EU, NATO etc I am not going to comment on the conflict itself. But coming to the critical infrastructure part - this reminds me of my earlier blog post on Doomsday and DNS resolution.

And a blog post after a while. Last few months went busy with RPKI. After my last post about RPKI and the fact that India was lacking a little bit on RPKI ROA front, we started with a major push by a set of like-minded folks like us. For now, Indian signed table has jumped from 12% since Aug to 32% now in Oct. Detailed graphs and other data can be found here on the public Grafana instance.

So based on my friend - Abdul Awal’s tweet, I started looking at the latest RPKI ROA data for India. His Tweet came when I was in the middle of moving my blog from WordPress running over LXC containers to now WordPress over docker with Bitnami image. Bit of optimisation is still pending.

My routing security project with @nsrcworld & @mozilla started in Oct-19 to improve #RPKI deployment in South Asia+Myanmar. The two graphs show tremendous growth in RPKI and how #INDIA is lagging behind. @anurag_bhatia @RoutingMANRS @routinator3000 @AbuseIp @routingtablepod pic.twitter.com/HAb93XED5C

In Melbourne for the week for APRICOT 2020. Someone jokingly said it’s should be “APRICOT and RPKI 2020”. :-)

It seems like both JPNIC and TWNIC are doing a good job at promoting their member operators in Japan & Taiwan for signing ROA. I thought to check for the status in India to find how India is doing.

 

RPKI ROA status for India

1. Total prefixes: 40,834 (IPv4 + IPv6)
2. Prefixes with valid ROA: 4693
3. Prefixes with invalid ROA: 354
4. Prefixes without ROA: 35,787

 

Just finished with SANOG 26 conference and tutorials. It went very nice. Interestingly this time conference did not start early morning like it did in SANOG 24 at Noida. It was rather late in afternoon. Also, on very good note - there were less Govt. bureaucrats to bore attendees with usual stuff they always talk about but have very little idea. One specific interesting presentation was  Opportunities and Challenges for Broadband Wireless in India by Prof Abhay Karandikar (from IIT Mumbai). In start I felt it to be usual crappy 5G talk but later realized it was much more interesting. I loved the idea “Have 2Mbps everywhere static broadband and not some absurd number on mobile wireless broadband as we hear in case of 3G/4G. Although 2Mbps now is much slower and I would rather suggest that we target for 10Mbps everywhere (something which can be supported by copper/coax/fiber hybrid) but anyways it was nice refreshing talk. His thoughts were interesting but mostly impractical since had high dependence on useless project like NOFN. For the next part, we had a nice theme of keeping network simple which everyone kind of liked. Simplicity in Network Design & Deployments by Dany Pinto (from Colt) and Unified Forwarding with Segment Routing by Mohan Nanduri (from Microsoft Azure Cloud WAN team) were part of that. Santanu Dasgupta gave a presentation about Challenges of L2NID based Metro-E Architecture for vCPE/NFV Deployments and kind of confused everyone. :P