MSK-IX enhances support for routing security by implementing RPKI

May 20, 2019

MSK-IX has deployed validation of network routes for its members, based on the RPKI (Resource Public Key Infrastructure) framework.

RPKI provides a way to connect IP addresses and routing resources to their owners by using digital certificates. The use of RPKI improves the resilience of Internet routing against attacks and incidents related to BGP hijacking. Since May 2019, the route filtering algorithms at the MSK-IX route servers have included validation of digitally signed Route Origination Authorisations (ROAs).

«The key stage in our implementation of RPKI was communication with MSK-IX participants in order to eliminate ROA errors in IRR databases,» said MSK-IX CTO Alexander Ilin. «As a result, the number of routes on the MSK-IX route servers with rejected ROA certificates decreased by 40%. To minimise the risks of BGP hijacks, the use of RPKI should become standard practice for all Internet networks.»

MSK-IX was one of the first IXPs to join MANRS (http://www.manrs.org/ixps), a global initiative supported by the Internet Society that aims to build a robust and secure routing infrastructure. The actions MANRS recommends include preventing the propagation of incorrect routing information. As of the beginning of 2019, over 120 Internet operators and 28 IXPs had declared support for MANRS.