{"id":387,"date":"2021-09-05T17:45:00","date_gmt":"2021-09-05T17:45:00","guid":{"rendered":"https:\/\/rtechblog.rg.net\/?p=387"},"modified":"2025-02-05T17:46:59","modified_gmt":"2025-02-05T17:46:59","slug":"revisiting-rpki-route-origin-validation-on-the-data-plane","status":"publish","type":"post","link":"https:\/\/rtechblog.rg.net\/?p=387","title":{"rendered":"Revisiting RPKI Route Origin Validation on the Data Plane"},"content":{"rendered":"\n<p>Nils Rodday, Italo Cunha, Randy Bush, Ethan Katz-Bassett, Gabi Dreo Rodosek, Thomas C. Schmidt, Matthias W\u00e4hlisch; <em><a href=\"https:\/\/archive.psg.com\/210913.tma-rpki.pdf\">Revisiting RPKI Route Origin Validation on the Data Plane<\/a><\/em>. TMA September 2021<\/p>\n\n\n\n<p>The adoption of the Resource Public Key Infrastructure (RPKI) is increasing, as are measurement activities to identify RPKI-based route origin validation (ROV). Several proposals try to identify Autonomous Systems (ASes) that deploy ROV using control plane as well as data plane measurements. We show why simple end-to-end measurements may lead to incorrect identification of ROV. In this paper we evaluate data plane traceroute measurements as a mechanism to extend coverage and provide a reproducible method for ROV identification using RIPE Atlas. Moreover, we extend the current state-of-the-art by identifying ROV performed by route servers at Internet Exchange Point (IXP) and using an include list to differentiate between fully and partially ROV-enforcing ASes. Our measurements from 5537 vantage points in 3694 ASes infer ROV is deployed in 206 unique ASes: 10 with strong confidence, 12 with weak confidence, and 184 indirectly adopting ROV via filtering by IXP route servers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nils Rodday, Italo Cunha, Randy Bush, Ethan Katz-Bassett, Gabi Dreo Rodosek, Thomas C. Schmidt, Matthias W\u00e4hlisch; Revisiting RPKI Route Origin Validation on the Data Plane. TMA September 2021 The adoption of the Resource Public Key Infrastructure (RPKI) is increasing, as are measurement activities to identify RPKI-based route origin validation (ROV). Several proposals try to identify [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,10,9,7],"tags":[],"class_list":["post-387","post","type-post","status-publish","format-standard","hentry","category-conferences","category-measurement","category-routers","category-security"],"_links":{"self":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=387"}],"version-history":[{"count":1,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/387\/revisions"}],"predecessor-version":[{"id":388,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=\/wp\/v2\/posts\/387\/revisions\/388"}],"wp:attachment":[{"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rtechblog.rg.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}