[RPKI-Discuss] Additional uses of RPKI

Mark Tinka mark.tinka at seacom.mu
Thu Apr 11 05:35:01 UTC 2019

On 10/Apr/19 20:56, Daniel Shaw via RPKI-Discuss wrote:

> I'll also branch this into a separate thread/topic, keeping to rpki-discuss. Just because I found it interesting that not only is RPKI here already, but it's already being used additionally to routing validation.
> See here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#prepare-for-byoip
> AWS has an interesting service that allows for the use of your own IPv4 resources within AWS anywhere you can use a public IP. For the time being this only supports resources from RIPE or ARIN. But in time that may expand to the other RIRs including AFRINIC. Who knows. The interesting part is that to implement this if you have ARIN or RIPE resources, you have to create a ROA! You must create a ROA that authorises the Amazon ASNs to originate your prefix you intend to use in AWS. You cannot bring your IPs until you do that (-:
> And now back to your usual daily programming.

This is an issue we came across in the past week since going live with ROV.

We found a network that was announcing its prefix from 2 ASN's (one from
themselves, and one from their provider, for some kind of Anycast
service, I suspect). Both routes had ROA's but only one was authorized
for the correct ASN.


More information about the RPKI-Discuss mailing list