Excitel is not BGP safe

I am getting safe at my end.
 
Your ISP (Atria Convergence Technologies Ltd., AS24309) does not implement BGP safely. It should be using RPKI to protect the Internet from BGP hijacks.
 
testing valid ROA...[passed]

testing invalid ROA (5sec)...[passed]

Your ASN is AS55577, your prefix is 183.83.7.9/22 and your network is dropping RPKI invalid BGP routes.
 
john_dud said:
It's not too difficult to implement either

teamarin.net

Implementing RPKI: It’s Easier Than You Think

Andrew Gallo, Principal IT Architect and Network Engineer at George Washington University, explains the importance of implementing RPKI and why it may be easier than you think.
teamarin.net teamarin.net
Click to expand...
That's not totally true. It greatly depends on the platforms. A large number of small ISPs use Mikrotik across the world and it doesn't support RPKI RTR as yet in stable release. It's there in beta but ISPs cannot run production network on beta version of the OS. There have been challenges of platforms even crashing when enabling RPKI RTR.

So whether it's easy or hard depends on:
  1. Which routers are being deployed on the edge
  2. Who actually runs the network. If it's internal team, deployment becomes just a project to deploy. But if it's outsourced, it becomes a grand project to get senior management approval, get cost estimates, and actually deploy it. So this makes it hard procedure wise (unfortunately).
 
My guess is, excitel is presently using 6wind vrouter solution. Rest @philip marlowe can tell, whats excitel stand on rpki implementation like ip v6 public ip
 
Anurag Bhatia said:
That's not totally true. It greatly depends on the platforms. A large number of small ISPs use Mikrotik across the world and it doesn't support RPKI RTR as yet in stable release. It's there in beta but ISPs cannot run production network on beta version of the OS. There have been challenges of platforms even crashing when enabling RPKI RTR.

So whether it's easy or hard depends on:
  1. Which routers are being deployed on the edge
  2. Who actually runs the network. If it's internal team, deployment becomes just a project to deploy. But if it's outsourced, it becomes a grand project to get senior management approval, get cost estimates, and actually deploy it. So this makes it hard procedure wise (unfortunately).
Click to expand...
Quagga, BIRD & FRR all support RPKI. If RouterOS doesn't support it yet then it's on Mikrotik.
 
Quagga, BIRD & FRR all support RPKI. If RouterOS doesn't support it yet then it's on Mikrotik.
Click to expand...

Mikrotik doesn't support RPKI RTR in stable release yet. Quagga is bit old, it's forked version FRR is better maintained and more popular these days. Both FRR and bird are simply routing daemons and slowly picking up in West specially on datacenter fabric. They aren't common at all in India beyond IXPs. Large number of small ISPs use Mikrotik or Huawei. Once they grow at some scale, they typically jump into Nokia 7705 kind of devices. I am not saying these are best choices but it is what it is and thus keep RPKI deployment expectation in line with those platforms.
 

Top