Hi All,
The MIXP has taken a further step in helping to reduce the potential for routing abuse, by digitally signing the network prefixes that it uses for operating the IXP in Mauritius. This is part of its ongoing programme to grow and foster best practices in IXP management, and teaching networks best peering practices.
RPKI is a mechanism for cryptographically signalling which Internet network (or, in technical terms, which origin autonomous system) is allowed to publish a routing statement for a block of IP addresses. This is one of the techniques that has become widespread to help combat some of the attempts at hijacking network address space; a very real problem that exists on the Internet, and one that is likely going to get worse, as it becomes more and more difficult to get additional IPv4 address space.
Three weeks ago, the MIXP took the important step of dropping all routing announcements, that are considered to be a violation of this policy, that go through the MIXP routing infrastructure. We did this, after research into the networks prefixes that are announced at the MIXP, and after working with participating domestic operators to clean up their networks.
Over the past week, the MIXP team signed the network prefixes (IP addresses) that we use for the MIXP infrastructure. This means that any well-run network, that participates in using RPKI, will automatically be immune to routing hijacks for the MIXP address space, and is considered global best practice. The MIXP team is hoping to encourage more network operators in Mauritius to start using RPKI, and hopes to start running training classes on this soon.
During this process, we uncovered a bug in the AFRINIC RPKI system, that we are working with AFRINIC to resolve. This highlights, the need for operators to “get their hands dirty” with newer technologies, so that they earn confidence, and make sure that the supporting systems around this, are built to scale, and support operator needs.
mixp-announcement@lists.mixp.org