Arelion My Arelion
Home / Knowledge Hub / What is guides / What is RPKI?

What is RPKI?

Explore our Security solutions
What is BGP? What is A2P Messaging?

Resource Public Key Infrastructure (RPKI)

Resource Public Key Infrastructure (RPKI) is a security framework by which network owners can validate and secure the critical route updates or Border Gateway Protocol (BGP) announcements between public Internet networks. BGP is essentially the central nervous system of the Internet and one of its fundamental building blocks.

The main function of BGP is to facilitate efficient routing between Autonomous Systems (AS), by building and maintaining the Internet routing table. The Internet routing table is effectively the navigation system of the Internet and without it, traffic would be unable to flow between its constituent networks. Unfortunately, routing equipment alone cannot distinguish between legitimate and malicious routing announcements, but network operators who implement RPKI validation and filtering can choose to reject announcements from networks not authorised to advertise those resources. In other words, RPKI is essentially a secure identification system for the BGP route information between autonomous systems.

Read more
Service
Routing security

    RPKI validation process and ROA

    RPKI proves the association between specific IP address blocks or ASNs and the holders of those Internet number resources. In practical terms, validators are used within an AS to ensure the validity of BGP route updates. RPKI uses a certificate structure that verifies a resource holder's right of use of their resources and can be validated cryptographically. These certificates are known as Route Origin Authorization (ROA).ROA validation is an important process within the Resource Public Key Infrastructure (RPKI), since the certificates contain a number of critical routing parameters, including Origin ASN, Prefix and Max Length.

    How does RPKI work?

    With RPKI, the certificate structure mirrors the way in which Internet number resources are distributed. That is, resources are initially distributed by IANA to the Regional Internet Registries (RIRs), who in turn distribute them to the Local Internet Registries (LIRs), and ultimately, to their customers – the autonomous system owners.

    Read more

    Why is RPKI important?

    RPKI reduces the risk of accidental route leaks and helps mitigate the blast radius of any incidents caused either by human error or BGP optimization software. It also helps prevent malicious IP resource hijacks, which can result in critical outages or fraudulent traffic manipulation

    • For content providers and resource owners, the registration of ROAs will help protect web assets from being deliberately hijacked and re-directed to other destinations (malicious site spoofing)
    • For service providers or Tier 1 networks with a duty to ensure the security of the Internet routing table, RPKI is a key component of MANRS compliance 
    • For the Internet user, choosing an ISP who has RPKI validation reduces the risk of personal data breaches and redirection to malicious sites
    Read more

    RPKI by Arelion

    Arelion was the first Tier-1 transit network in the world that launched the RPKI, successfully filtering invalid announcements from all external BGP sessions.

    Our approach is that the industry would benefit from every single entity operating in the default-free zone deploying RPKI, so here are a couple of things to take into consideration:

    • It is of the greatest importance to ensure that RPKI is deployed where the impact is the highest, starting with Tier-1 transit providers such as us, taking our responsibility and not waiting for customers to apply enough commercial pressure to force a rushed deployment 
    • In the spirit of this being a collaborative initiative, it is incumbent on us that have deployed RPKI to dare to share the experiences, mistakes, lessons and pitfalls in order to make the journey shorter and less painful for others
    • In large-scale networks, although it having taken years of efforts in applying pressure on vendors, it is sometimes taken for granted that origin validation capabilities are available everywhere. This is certainly not the case, and sometimes only stable in very recent software releases
    • For all intents and purposes, RPKI is an opt-in solution

    RPKI is included in all Arelion’s IP Transit offers. 

    Read more

    Frequently asked questions about RPKI

    How does RPKI improve Internet security?

    RPKI helps prevent accidental route leaks and malicious IP hijacks by cryptographically verifying the association between IP address blocks and their rightful owners, thereby ensuring only authorized networks can advertise specific routes.

    Why is RPKI important for network operators?

    Implementing RPKI allows network operators to enhance the security of the Internet routing table, protect against IP resource hijacking, and comply with security standards like MANRS, ultimately leading to a more secure and resilient Internet.

    Related products

    Service
    IP Transit

    BGP Transit to Internet content and billions of end-users, with the world’s best-connected backbone, AS1299. 
    Service
    DIA (IP Connect)

    High-speed Internet access without the need for an AS number or BGP Routing.

      The network of networks

      Serving customers in 129 countries, our 77,000 km fiber backbone spans North America, Europe and Asia. Our PoPs give you a direct route to the world’s best content and billions of end-users. Fiber-up control of our network with cutting-edge optical and IP technology deliver the scalability you need, whenever you need it.

      Discover our network Our newest PoPs and network stretches

        Find more information in the Arelion knowledge hub

        Whitepaper
        Read our whitepapers & reports

        Expert knowledge and invaluable insights to help you navigate your digital journey.
        Guide
        Read a 'What is' guide

        A series of guides about the Internet and other fundamental networking concepts, services and technology.
        Webinar
        Watch a webinar session

        Check out our expert hosted webinars diving deep into the latest topics within connectivity. 
        Podcast
        Listen to the Connectivity Podcast

        The world of networking has never been more exciting. Today, the Internet and network services play a critical role in our lives - individuals and businesses alike. 
        Blogpost
        Read a network blogpost

        Our thoughts and deeds. From industry trends to geeky networks stuff. 
        Event
        Discover upcoming events

        Discover our upcoming events – around the world or in the comfort of your own home office.

          Can't find what you need?

          Contact our experts for help. You can dismiss this message if you'd like. Otherwise, scroll down to see what we offer.

          Contact us It's okay, just scrolling.
          Available 24/7

          Award-winning customer experience

          At Arelion, our award-winning customer experience lies at the heart of everything we do. We work hard to deliver the best customer care in the business. We’re committed to making your experience so good, you don’t even know we’re here.

          Contact customer support
          Products & services Enterprise solutions Our network Why Arelion Career Sustainability Contact experts
          Offices Customer support Legal Knowledge hub Arelion blog Events
          What is IP Transit? What is the Internet backbone? What is Ethernet? What is DWDM? What is A2P messaging? What is Cloud Connect? What is a DDoS attack? What is EVPN?