- ARIN continues to prioritize enhancing routing security through significant efforts in improving RPKI and IRR services.
- Recent updates include consolidation of RPKI and IRR management into a single section in ARIN Online, streamlining processes and increasing visibility.
- Future plans involve developing a new BGP security product and reintroducing RPKI/IRR integration functionality to further enhance routing security.
ARIN is intensifying efforts to boost routing security, streamlining RPKI and IRR services. Future initiatives include a new BGP security tool.
Also read: ARIN 53 conference set to take place in Bridgetown, Barbados
Enhancing routing security: ARIN’s ongoing efforts
Encouraging and enhancing routing security remains a top priority for ARIN, with significant efforts dedicated to improving the Resource Public Key Infrastructure (RPKI) and Internet Routing Registry (IRR) services over the past year. These efforts will continue throughout 2024 as further upgrades and adjustments are implemented, streamlining processes and adding features to facilitate an increasingly efficient and effective RPKI experience.
Recent updates: Streamlining RPKI and IRR management
In February, substantial changes were made to the navigation of RPKI and IRR management in ARIN Online, consolidating them into a single Routing Security section. This update increased the visibility of organizations’ eligibility for ARIN’s routing security services and introduced an ‘Org picker’ to simplify switching between Orgs while managing RPKI and IRR.
OUR TAKE:
While ARIN’s efforts to enhance routing security are commendable, it is crucial to ensure that these improvements do not solely benefit large organisations with extensive resources. It is essential to promote accessibility and education for smaller entities to foster a more inclusive and secure internet ecosystem. Furthermore, the success of these initiatives will depend on effective collaboration with global stakeholders and the continuous adaptation to emerging threats in the cyber landscape.
——Tilly Lu, BTW Reporter
May saw the deployment of changes to how Hosted and Delegated RPKI are managed. Most notably, the requirement to generate a public/private key pair and sign Resource Certificates and Route Origin Authorizations (ROAs) in ARIN Online was removed, streamlining the ROA creation interface. The ticketing process for Hosted or Delegated RPKI signup and for creating ROAs was also eliminated, simplifying and accelerating these procedures. Additionally, changes were introduced to the RESTful API, allowing users of Hosted RPKI to create and delete multiple ROAs through a single API call. Auto-renewal for any ROA created via ARIN Online or the new RESTful provisioning endpoint was implemented, ensuring all ROAs will persist indefinitely until manually deleted.
In August, the ultimate goal of Routing Security navigation improvements was achieved with the introduction of the unified Routing Security Dashboard, consolidating RPKI and IRR into a single table. Read-only viewing privileges for RPKI were extended to Abuse, Network Operation Center (NOC), and DNS Points of Contact in both ARIN Online and the RESTful API.
October brought updates to the RPKI Certified Resources Page in ARIN Online, changing the arrangement of columns and extending the visibility of RPKI changes to the Admin, Tech, and Routing Points of Contact, providing notifications via ARIN Online whenever a ROA is deleted.
Future initiatives: ARIN’s roadmap for improved routing security
Looking ahead to 2024, ARIN plans to develop a new BGP security product providing users of RPKI services with additional information based on the current BGP state. A new table in the ARIN Online RPKI dashboard will display near-real-time route announcements for the organization’s Internet number resources, showing the current RPKI validity state and any mismatches between BGP announcements and existing ROAs. Additionally, RPKI/IRR integration functionality will be reintroduced, prompting users to create corresponding route objects when creating ROAs.