ARIN RPKI Updates and Upcoming Enhancements
Encouraging and enhancing routing security is a top priority for ARIN, with significant work dedicated over the past year to improving our Resource Public Key Infrastructure (RPKI) and Internet Routing Registry (IRR) services. These efforts will continue throughout 2024 as we implement further upgrades and adjustments, streamlining processes and adding features to facilitate an increasingly efficient and effective RPKI experience. Read on to learn about what took place in 2023 and what’s to come in 2024, as well as why customers utilizing the API should allocate time to transition to the new one.
2023 at a Glance
Last February we made substantial changes to the navigation of RPKI and IRR management in ARIN Online, consolidating them into a single Routing Security section. This update made the eligibility of organizations (Orgs) for ARIN’s routing security services more visible and introduced an ‘Org picker,’ making it easier to switch between Orgs while managing RPKI and IRR.
In May we deployed changes to how Hosted and Delegated RPKI are managed. Most notably, we removed the requirement to generate a public/private key pair and sign your Resource Certificates and Route Origin Authorizations (ROAs) in ARIN Online. This allowed for a streamlined ROA creation interface. The ticketing process for Hosted or Delegated RPKI signup and for creating ROAs was removed as well, simplifying and accelerating these procedures.
Additionally, changes were introduced to the RESTful API, enabling users of Hosted RPKI to create and delete multiple ROAs through a single API call. We also implemented auto-renewal for any ROA created via ARIN Online or the new RESTful provisioning endpoint, ensuring all ROAs will persist indefinitely until they are manually deleted.
The August release achieved one of the ultimate goals of our Routing Security navigation improvements by introducing the unified Routing Security Dashboard, which consolidates RPKI and IRR into a single table. We also extended read-only viewing privileges for RPKI to Abuse, Network Operation Center (NOC), and DNS Points of Contact in both ARIN Online and the RESTful API.
Finally, in October we updated the RPKI Certified Resources Page in ARIN Online to change the arrangement of columns, including combining the Net Handle and Net Name into a single column. We also extended the visibility of RPKI changes to the Admin, Tech, and Routing Points of Contact, providing notifications via ARIN Online whenever a ROA is deleted.
What’s Up Next
A lot of exciting things are on the horizon for RPKI in 2024. Most significantly, we plan to develop a new BGP security product that will provide users of RPKI services with additional information based on the current BGP state and enable them to make better informed routing security decisions.
We will be developing a new table in the ARIN Online RPKI dashboard with near-real-time route announcements for the organization’s Internet number resources, as seen in the global BGP table. This table will show the current RPKI validity state of the route announcements and display any mismatches between BGP announcements, existing ROAs, and the resulting RPKI validity state and offer suggestions on how to resolve any mismatches using current best practices.
We plan to reintroduce RPKI/IRR integration functionality, which will prompt users to create corresponding route objects when creating ROAs. This step will require positive confirmation, so the option remains yours, but our hope is that you will employ this functionality to strengthen your routing policies and enhance your security.
As always, we will closely follow newly ratified RPKI standards and best current practices as they’re issued by the Internet Engineering Task Force, as well as take into consideration suggestions customers provide through the ARIN Consultation and Suggestion Process (ACSP) and general feedback. If you have ideas for improving our services, we want to hear from you!
Learn about all the ways you can share your thoughts with us in this blog post: This is ARIN and We’re Listening!
Did We Forget to Mention the New API?
This blog has highlighted improvements in ARIN Online, but it is important to point out that in May of 2023 we also released a new RPKI API that offers significant improvements.
If your organization is still using the Legacy RPKI API endpoint to manage your ROA records, we encourage you to consider migrating to the new RPKI endpoint to manage those records. The new RPKI endpoint offers your organization the benefit of ROA autorenewal as well as the ability to create and delete ROAs in the same call.
We have been actively engaged in direct outreach to our API users to assist them in transitioning to the new endpoint by gauging the level of effort the process will take. Please check your inbox for the recent email you should have received from ARIN sharing the current ROA count of each of the Org IDs that require attention.
For more information on the new API, visit the RESTful Methods page.
Recent blogs categorized under: RPKI
GET THE LATEST!
Sign up to receive the latest news about ARIN and the most pressing issues facing the Internet community.
SIGN ME UP →Blog Categories
Grant Program • Tips • RPKI • Updates • IPv6 • Business Case for IPv6 • Internet Governance • Public Policy • Elections • ARIN Bits • Fellowship Program • Caribbean • Outreach • Training • IPv4 • Security • Data Accuracy • Customer Feedback • IRR