Identifying issues and problems with IRR-based filtering and RPKI
Prefix hijacking is a well-known problem of Internet routing. As of today, a technique typically deployed to counter prefix hijacking is strict IRR-based peer filtering. However, strict filtering may be challenging for various reasons and, hence, is unfortunately not entirely applied.
To improve Internet routing security and to overcome challenges of strict IRR-based peer filtering, RPKI has been proposed. Currently, RPKI origin validation is supported by most RIRs and modern router operating systems. However, recent statistics show that only a limited number of ASes actually deploy RPKI in any form.
With this survey, we aim at identifying issues and problems with IRR-based filtering and RPKI from the operational community’s point of view and try to quantify the number of ASes actively participating in RPKI. Your input is highly appreciated!
Participating in the survey should not take longer than 10 minutes and is completely anonymous. The survey is opened from 15.12.2014 to 09.01.2015 at https://www.dasec.h-da.de/survey/
Aggregated results of this survey will be published on the da/sec-Biometrics and Internet Security Research Group’s website.
If you have any questions in advance, please do not hesitate to get in touch with Sebastian Abt.
Thank you for your participation!