RPKI Analysis

Resource Public Key Infrastructure (RPKI) is used to validate the BGP routes announced by an Autonomous System by verifying that the AS is authorized to originate the prefixes in an announced route. Kentik's RPKI implementation (see Using RPKI) is based on Cloudflare’s GoRTR. We determine the RPKI validation state associated with the router sending a flow and use that state to derive RPKI values that we assign to RPKI columns in the KDE flow record. Using those dimensions, we're able to generate visualizations and tables that show the correlation between flows and the RPKI status of the routes they used. In particular we identify sites (see About Sites) with traffic that is invalid and/or will be dropped if strict RPKI validation is enforced on the routers.

RPKI analysis is exposed in Kentik via the RPKI Analysis page (under Protect on the portal's main menu).

More coming soon…

Use RPKI Analysis to check the validity of routes announced by ASes.

© 2014- Kentik