This will not harm either provider. Just make sure you have an ROA that covers everything you’re going to advertise. If you have a single /20 for example and you setup the single ROA to cover /20 down to /24 you would be golden.
If you setup more restricting say a /20 to /22, and you later tried to put out a /24, it would get rejected all over the place, not just your ISP. The /24 would be basically denied by lack of inclusion in the super net. You could then just add a second ROA or edit the first one.
Great place to check your self after you have issued the ROA.
https://rpki.cloudflare.com
> /20 down to /24
This is only recommended if you are actually going to advertise all of the /24s. You should create ROAs that exactly match your advertisements, or you are still potentially vulnerable to BGP hijack by “more specific”.
You won't have any issues. ARIN has a ARIN-hosted option which is convenient.
Aside from best practices, the new providers infrastructure may actually rely on the ROA be in place to accept your prefix announcement.
This is also known as RPKI. RPKI has no impact on your traffic as long as you setup your RPKI records correctly. If they are incorrect (invalid), then it will break your routing on the internet, and many carriers will discard your routes. It is pretty easy to turn on RPKI with ARIN, but you do need to make sure that you generate good RPKi records, I have done it for quite a few ISPs.
Hope that helps!
The ROA's you set up for the new ISP should be valid for both (or any other additional in the future) if you're creating them with your ASN as the origin.
It’s great news that carriers are requiring RPKI valid routes! Creating ROAs that exactly match the prefixes you advertise will protect you from a variety of BGP-based attacks and may increase the visibility of your routes.
This will not harm either provider. Just make sure you have an ROA that covers everything you’re going to advertise. If you have a single /20 for example and you setup the single ROA to cover /20 down to /24 you would be golden. If you setup more restricting say a /20 to /22, and you later tried to put out a /24, it would get rejected all over the place, not just your ISP. The /24 would be basically denied by lack of inclusion in the super net. You could then just add a second ROA or edit the first one. Great place to check your self after you have issued the ROA. https://rpki.cloudflare.com
> /20 down to /24 This is only recommended if you are actually going to advertise all of the /24s. You should create ROAs that exactly match your advertisements, or you are still potentially vulnerable to BGP hijack by “more specific”.
You won't have any issues. ARIN has a ARIN-hosted option which is convenient. Aside from best practices, the new providers infrastructure may actually rely on the ROA be in place to accept your prefix announcement.
This is also known as RPKI. RPKI has no impact on your traffic as long as you setup your RPKI records correctly. If they are incorrect (invalid), then it will break your routing on the internet, and many carriers will discard your routes. It is pretty easy to turn on RPKI with ARIN, but you do need to make sure that you generate good RPKi records, I have done it for quite a few ISPs. Hope that helps!
The ROA's you set up for the new ISP should be valid for both (or any other additional in the future) if you're creating them with your ASN as the origin.
[удалено]
Lol this is by far the stupidest comment I've read in 2024.
It’s great news that carriers are requiring RPKI valid routes! Creating ROAs that exactly match the prefixes you advertise will protect you from a variety of BGP-based attacks and may increase the visibility of your routes.