[RPKI-discuss] How to announce your ROAs to global internet

Arturo Servin aservin at lacnic.net
Tue Dec 18 12:45:39 SAST 2012 

 
As I mentioned in a previous email it seems a problem in the validator-cache where the router gets the ROAs.

as

Gaurav Kansal <gaurav.kansal at nic.in> wrote:

>Hi Alian,
>
>Now i am getting a Valid state in RIPE NCC Validator.
>But still in the rpki-rtr.ripe.net test router, it is showing RPKI
>State Not Found (i.e., for my resource 14.139.8.0/24).
>
>
>Can you pl. explain me whether there is any issue at my end or it is an
>issue at RIPE Test Router end?
>
>
>Regards,
>Gaurav
>
>
>On 12/18/12, ALAIN AINA  <aalain at afrinic.net> wrote:
>> 
>> On Dec 17, 2012, at 11:49 PM, Carlos M. Martinez wrote:
>> 
>> > You can try out rcynic
>> 
>> 
>> http://subvert-rpki.hactrn.net/trunk/rcynic/
>> 
>> > or BBN's validator.
>> 
>> http://sourceforge.net/projects/rpstir/
>> 
>> 
>> Let us know if you need more help
>> 
>> Thanks
>> 
>> --Alain
>> 
>> 
>> > 
>> > regards
>> > 
>> > Carlos
>> > 
>> > On 12/17/12 5:31 PM, Gaurav Kansal wrote:
>> >> Ok.
>> >> 
>> >> Is there any open-source validator available other than RIPE's one
>through
>> >> which I can check my resources.
>> >> 
>> >> 
>> >> 
>> >> Thanks. 
>> >> 
>> >> 
>> >> 
>> >> -----Original Message-----
>> >> From: rpki-discuss-bounces at afrinic.net
>> >> [mailto:rpki-discuss-bounces at afrinic.net]
><rpki-discuss-bounces at afrinic.net]> On Behalf Of Arturo Servin
>> >> Sent: Tuesday, December 18, 2012 12:57 AM
>> >> To: rpki-discuss at afrinic.net
>> >> Subject: Re: [RPKI-discuss] How to announce your ROAs to global
>internet
>> >> 
>> >> 
>> >> 
>> >> 
>> >> 
>> >> I mean, in our validator we can see the ROA.
>> >> 
>> >> 
>> >> 
>> >> However in rpki-rtr.ripe.net the route is unknow. But the
>> >> same is for our routes that we signed and created ROAs long ago.
>> >> 
>> >> 
>> >> 
>> >> It seems that the cache connected to the router
>> >> (rpki-rtr.ripe.net) do not have all the TAs configured.
>> >> 
>> >> 
>> >> 
>> >> Regards,
>> >> 
>> >> as
>> >> 
>> >> 
>> >> 
>> >> On 17/12/2012 17:15, Arturo Servin wrote:
>> >> 
>> >>> Gaurav,
>> >> 
>> >>> 
>> >> 
>> >>> It is there in APNIC repository.
>> >> 
>> >>> 
>> >> 
>> >>> origin-as 55824 14.139.8.0/24 Max len 24 TA:
>> >> apnic->iana
>> >> 
>> >>> 
>> >> 
>> >>> Do you have the 5 APNIC TAs in your validator? You may have
>> >> the old TA.
>> >> 
>> >>> 
>> >> 
>> >>> 
>> >> 
>> >>> Regards,
>> >> 
>> >>> .as
>> >> 
>> >>> 
>> >> 
>> >>> 
>> >> 
>> >>> On 17/12/2012 16:55, Gaurav Kansal wrote:
>> >> 
>> >>>> Dear Carlos,
>> >> 
>> >>>> 
>> >> 
>> >>>> Thanks for the nice explanation.
>> >> 
>> >>>> I had generated ROA for my resource 14.139.8.0/24 about 8-10
>hours back.
>> >> 
>> >>>> But till now, in RIPE NCC Validation Application, i am not
>getting my 
>> >> 
>> >>>> resource.
>> >> 
>> >>>> Initially, in RIPE RPKI Test Router (rpki-rtr.ripe.net), i was 
>> >> 
>> >>>> getting RPKI State Valid, but now it is showing RPKI State not
>found.
>> >> 
>> >>>> 
>> >> 
>> >>>> I don't know what happens and why it is showing RPKI State not
>found, 
>> >> 
>> >>>> although in the APNIC account, i am able to see my certificate.
>> >> 
>> >>>> 
>> >> 
>> >>>> Regards,
>> >> 
>> >>>> Gaurav
>> >> 
>> >>>> 
>> >> 
>> >>>> 
>> >> 
>> >>>> 
>> >> 
>> >>>> On 12/18/12, *"Carlos M. Martinez" * <
><mailto:carlosm3011 at gmail.com <carlosm3011 at gmail.com>>
>> >> carlosm3011 at gmail.com> wrote:
>> >> 
>> >>>>> Dear Gaurav,
>> >> 
>> >>>>> 
>> >> 
>> >>>>> ROAs go into repositories. RPs (relying parties, that is people
>or 
>> >> 
>> >>>>> organizations using RPKI) will fetch them from these public
>> >> repositories.
>> >> 
>> >>>>> 
>> >> 
>> >>>>> If you install a validating cache utility, for example RIPE
>NCC's 
>> >> 
>> >>>>> Validation Application, it will fetch the ROAs from the
>repositories 
>> >> 
>> >>>>> and you will be able to monitor whether your ROA is being
>published
>> >> correctly.
>> >> 
>> >>>>> 
>> >> 
>> >>>>> Warm regards,
>> >> 
>> >>>>> 
>> >> 
>> >>>>> ~Carlos
>> >> 
>> >>>>> 
>> >> 
>> >>>>> On 12/17/12 4:42 PM, Gaurav Kansal wrote:
>> >> 
>> >>>>>> Dear Team,
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> I just create a sign ROA for my resources using APNIC Sign ROA
>utility.
>> >> 
>> >>>>>> Now, do i have to announce that ROA separately or it will 
>> >> 
>> >>>>>> automatically reach to the global internet through APNIC list?
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> --
>> >> 
>> >>>>>> Thanks n Regards,
>> >> 
>> >>>>>> GAURAV KANSAL
>> >> 
>> >>>>>> 9910118448
>> >> 
>> >>>>>> VoIP - 6259
>> >> 
>> >>>>>> Operation And Routing Unit
>> >> 
>> >>>>>> NIC , NEW DELHI
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> Please don't print this e-mail until & unless you really need,
>it 
>> >> 
>> >>>>>> will save Trees on Planet Earth.
>> >> 
>> >>>>>> IPv4 is Over,
>> >> 
>> >>>>>> Are your ready for new Network.
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> 
>> >> 
>> >>>>>> _______________________________________________
>> >> 
>> >>>>>> RPKI-discuss mailing list
>> >> 
>> >>>>>> <mailto:RPKI-discuss at afrinic.net <RPKI-discuss at afrinic.net>>
>RPKI-discuss at afrinic.net
>> >> 
>> >>>>>> <https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss>
>> >> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> >> 
>> >>>>>> 
>> >> 
>> >>>> --
>> >> 
>> >>>> Thanks n Regards,
>> >> 
>> >>>> GAURAV KANSAL
>> >> 
>> >>>> 9910118448
>> >> 
>> >>>> VoIP - 6259
>> >> 
>> >>>> Operation And Routing Unit
>> >> 
>> >>>> NIC , NEW DELHI
>> >> 
>> >>>> 
>> >> 
>> >>>> Please don't print this e-mail until & unless you really need,
>it 
>> >> 
>> >>>> will save Trees on Planet Earth.
>> >> 
>> >>>> IPv4 is Over,
>> >> 
>> >>>> Are your ready for new Network.
>> >> 
>> >>>> 
>> >> 
>> >>>> 
>> >> 
>> >>>> _______________________________________________
>> >> 
>> >>>> RPKI-discuss mailing list
>> >> 
>> >>>> <mailto:RPKI-discuss at afrinic.net <RPKI-discuss at afrinic.net>>
>RPKI-discuss at afrinic.net
>> >> 
>> >>>> <https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss>
>> >> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> >> 
>> >>>> 
>> >> 
>> >>> _______________________________________________
>> >> 
>> >>> RPKI-discuss mailing list
>> >> 
>> >>> <mailto:RPKI-discuss at afrinic.net <RPKI-discuss at afrinic.net>>
>RPKI-discuss at afrinic.net
>> >> 
>> >>> <https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss>
>> >> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> >> 
>> >>> 
>> >> 
>> >> _______________________________________________
>> >> 
>> >> RPKI-discuss mailing list
>> >> 
>> >> <mailto:RPKI-discuss at afrinic.net <RPKI-discuss at afrinic.net>>
>RPKI-discuss at afrinic.net
>> >> 
>> >> <https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss>
>> >> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> >> 
>> >> 
>> >> _______________________________________________
>> >> RPKI-discuss mailing list
>> >> RPKI-discuss at afrinic.net
>> >> https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> >> 
>> > _______________________________________________
>> > RPKI-discuss mailing list
>> > RPKI-discuss at afrinic.net
>> > https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss
>> 
>> 
>> 
>--
>Thanks n Regards, 
>GAURAV KANSAL 
>9910118448 
>VoIP - 6259 
>Operation And Routing Unit 
>NIC , NEW DELHI 
>
>Please don't print this e-mail until & unless you really need, it will
>save Trees on Planet Earth. 
>IPv4 is Over,
>Are your ready for new Network.
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>RPKI-discuss mailing list
>RPKI-discuss at afrinic.net
>https://lists.afrinic.net/mailman/listinfo.cgi/rpki-discuss

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/rpki-discuss/attachments/20121218/ab22c723/attachment.htm

More information about the RPKI-discuss mailing list