Security News > 2021 > June > ARIN will take down its RPKI for 30 minutes to test your BGP routes

ARIN will take down its RPKI for 30 minutes to test your BGP routes
2021-06-03 06:40

As more and more networks are implementing Resource Public Key Infrastructure validation and signing of their BGP routes-to protect themselves against route hijacks and leaks, what should happen in case the critical RPKI goes down?

ARIN plans on performing unannounced maintenance of its RPKI, sometime in July, for about thirty minutes to check if networks are adhering to BGP best practices.

Last month, as reported by BleepingComputer, one of America's largest broadband providers, Comcast implemented RPKI on its network to block BGP hijacking attacks and leaks.

This week, ARIN announced that they plan on taking down their RPKI by surprise, for about 30 minutes, sometime in July this year.

"We want to ensure that ARIN and the greater RPKI community are prepared in the unlikely event that access to ARIN's RPKI repository becomes unavailable."

"To that end, we encourage operators utilizing ARIN's RPKI repository data to follow the best practices as described in RFC 7115 / BCP 185 - specifically falling back to routing on unvalidated announcements in the absence of RPKI data availability," says Brad Gorman, Senior Product Owner, Routing Security at ARIN. As such, organizations that rely on ARIN's RPKI route classification should review their operational model before next month, which is when the surprise maintenance will occur.


News URL

https://www.bleepingcomputer.com/news/security/arin-will-take-down-its-rpki-for-30-minutes-to-test-your-bgp-routes/