This user guide provides an overview of the NYIIX Resource Public Key Infrastructure filtering service (“IIX RPKI”) to guide your understanding of its operation, capabilities, and benefits.JOIN NYIIX TODAY!
On the Internet, it is common to advertise the prefixes of the network you manage with BGP and inform other networks of the route to that prefixes. However, if the wrong prefixes are advertised to other networks due to misconfiguration, etc., those prefixes will be routed to the wrong destination. Such a situation is called route hijacking.
RPKI stands for Resource Public Key Infrastructure, which can be used to support secure Internet routing and prevent route hijacking.
RPKI can be used to prove that given prefixes belong to you. You can prove it by obtaining a certificate signed by the organization that assigned those prefixes (ARIN, RIPE, or a regional Internet registry). With this signed certificate, you can prove to a third-party organization such as NYIIX that the prefixes really belong to you and that you have adequately announced the prefixes to our route servers.
See RFC 6480 or ARIN for more details. In addition, there is an excellent FAQ on RPKI here.
Enter your email to get in touch or find out more.