Hi Dean, Thanks for the reply. Looks like I need to do some real world testing, instead of online research. Cheers, Bill On 2014-03-20 13:04, Dean Pemberton wrote:
Maybe...
At the moment because of the way that ARIN have chosen to allow people to use their RPKI trust anchor, your ROAs may just get ignored unless they are in a more accessible place.
The rpki.net framework installs the following trust anchors by default without the need for terms and conditions (ie in an open manner).
ca0.rpki.net localcert.ripe.net repo0.rpki.net repository.lacnic.net rpki-pilot.lab.dtag.de rpki-repository.nic.ad.jp rpki-testbed.apnic.net rpki.afrinic.net rpki.apnic.net rpki.ripe.net
Their webpage gives the following guidance: http://rpki.net/wiki/doc/RPKI/RP
"Also note that, at least for now, ARIN's trust anchor locator is absent from the default set of trust anchors. This is not an accident: it's the direct result of a deliberate policy decision by ARIN to require anyone using their trust anchor to jump through legal hoops (https://www.arin.net/resources/rpki/faq.html#tal). If you have a problem with this, complain to ARIN. If and when ARIN changes this policy, we will be happy to include their trust anchor locator along with those of the other RIRs."
Regards, Dean
On Wed, Mar 19, 2014 at 10:42 AM, Bill Walker
wrote: Hi All, Hoping someone can help. I am in the middle of a project to build 4 PoP's in Chicago, London, Sydney and Mumbai. As part of this I have been given the role of creating all the necessary Route objects etc. Our address space is from ARIN, but our ASN's are from RIPE, APNIC & ARIN. I have created as-set, aut-num and route objects in RADb to enable us to manage them from a single point. However I would like to setup ROA records for these route objects. I have setup RPKI with ARIN and created our first ROA object.
Onto my question, am I likely to have operational issues if the route objects are in RADb and the ROA with ARIN?
TIA,
Bill _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog