nanog mailing list archives
RE: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs
From: Ron Yokubaitis via NANOG <nanog () lists nanog org>
Date: Fri, 31 Oct 2025 15:19:14 +0000
[sad] Ron Yokubaitis reacted to your message: ________________________________ From: Steven Wallace via NANOG <nanog () lists nanog org> Sent: Thursday, October 30, 2025 5:25:44 PM To: nanog () nanog org <nanog () nanog org>; North American Network Operators Group <nanog () lists nanog org> Cc: James Deaton <jdeaton () internet2 edu>; Matthew Luckie <mjl () caida org>; Steven Wallace <ssw () internet2 edu> Subject: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs You can kick the tires here: https://urldefense.proofpoint.com/v2/url?u=https-3A__rootbeer.testing.ns.internet2.edu_roa-2Dplanner_&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=cGrDT0liF-gD_o4EJ7o_qg&m=wgmMkIOXEorDvhnLu0EJRyq7vJxH6Hnj012onAvwwg5ZVYQgmVs3NAIm0zh_7q7U&s=fRGzTIu9XgEHcCsmSt5vowLRVplth4M46c3JhOlU8s4&e= The implementation remains fragile and will be unavailable intermittently, but we hope to improve it over the next couple of weeks. Please send me (ssw () internet2 edu) any suggestions, concerns, etc. From the help page: The RPKI-ROA Planner is a tool designed to help network operators efficiently plan their Route Origin Authorizations (ROAs), which are vital for securing BGP routing. To generate a comprehensive set of ROA recommendations for a user-supplied IP prefix, the Planner aggregates routing and registration information from four key sources: - Internet Routing Registry (IRR): Route Objects are gathered from services like https://urldefense.proofpoint.com/v2/url?u=https-3A__stat.ripe.net_data_whois_&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=cGrDT0liF-gD_o4EJ7o_qg&m=wgmMkIOXEorDvhnLu0EJRyq7vJxH6Hnj012onAvwwg5ZVYQgmVs3NAIm0zh_7q7U&s=_t175830ywF6B-Uhst1GMDbcXEvqcMOxiAkphHtjlDA&e=. - Regional Internet Registries (RIRs): IP registration data is fetched from sources such as https://urldefense.proofpoint.com/v2/url?u=https-3A__rdap.arin.net_registry_ip_&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=cGrDT0liF-gD_o4EJ7o_qg&m=wgmMkIOXEorDvhnLu0EJRyq7vJxH6Hnj012onAvwwg5ZVYQgmVs3NAIm0zh_7q7U&s=m6dfLp0D89Cuzoq6K8yVAFNKuLq_PRfmMIw2gIUO6MI&e=. - Routing History: Historical routing data is analyzed using services like RIPEstat (https://urldefense.proofpoint.com/v2/url?u=https-3A__stat.ripe.net_data_routing-2Dhistory&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=cGrDT0liF-gD_o4EJ7o_qg&m=wgmMkIOXEorDvhnLu0EJRyq7vJxH6Hnj012onAvwwg5ZVYQgmVs3NAIm0zh_7q7U&s=to3En-Oyq78eiAq3wxYqpsaI5FnBPcMxmrCqgYadZng&e=). - Global Route Views: The Planner includes routes observed in the global research and education community (via Routeviews). Crucially, these routes may be longer (more specific) than those typically seen in the Default-Free Zone (DFZ). Assumption: If a route was observed in the past, is currently visible, or is documented in an IRR object, it is a candidate for a new ROA. It excludes any candidate routes that are already covered by an existing, valid ROA, ensuring you only focus on what's missing. All candidate routes are presented to you in the table. You have full control to deselect individual routes or use age filters to exclude older, potentially stale data before the final ROA set is calculated. The Planner prioritizes generating multi-prefix ROAs (covering multiple routes with one authorization) over single-prefix ROAs. Using multi-prefix ROAs is the recommended best practice for maintaining cleaner, more efficient RPKI records. thanks! Steven Wallace Director - Routing Integrity Internet2 ssw () internet2 edu _______________________________________________ NANOG mailing list https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.nanog.org_archives_list_nanog-40lists.nanog.org_message_POCE6AEW6H4JWERF5TE5V3YLDBCS3WT6_&d=DwICAg&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=cGrDT0liF-gD_o4EJ7o_qg&m=wgmMkIOXEorDvhnLu0EJRyq7vJxH6Hnj012onAvwwg5ZVYQgmVs3NAIm0zh_7q7U&s=3Ril4s1OcaHzkd4l_be6OvyBdMwdP5HmJGS5-Lumf0s&e= _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog () lists nanog org/message/I6LRA4ZRGOTAOO7RVCG6MSHTIQAGX7LC/
Current thread:
- CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Steven Wallace via NANOG (Oct 30)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs niels=nanog--- via NANOG (Oct 30)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Malte Tashiro via NANOG (Oct 30)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Job Snijders via NANOG (Oct 30)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Steven Wallace via NANOG (Oct 31)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs niels=nanog--- via NANOG (Oct 31)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Malte Tashiro via NANOG (Oct 30)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs niels=nanog--- via NANOG (Oct 30)
- RE: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Ron Yokubaitis via NANOG (Oct 31)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Javier J via NANOG (Oct 31)
- Re: CAIDA and Internet2 are working on a tool to assist network operators plan their RPKI-ROAs Michael Brown via NANOG (Oct 31)