Resources for BGP RPKI

Routing security has been an issue from the start of the internet. ISP must take a number of manual efforts to insure only those authorized inject routes into the internet table. RPKI was created as a way to sign routes using standard public key certificates so that they can be verified as belonging to a particular entity. This will prevent both accidental route leaks and malicious route high jacking.

Below are resources in a recommended order to first learn how the process works and implement this on Juniper Junos routing platforms.

MANRS training

MANRS (Mutually Agreed Norms for Routing Security) is an organization to encourage ISPs to implement RPKI.

  • Introduction
  • IRRs, RPKI & Peering DB
  • Filtering: Preventing propagation of incorrect routing information
  • Anti-Spoofing: Preventing traffic with spoofed souce IP addresses
  • Coordination: Global communications between network operators


MANRS Implementation Guide

MANRS Implementation Guide – Online Version

MANRS week videos 2021: RPKI Week

Juniper Documentation

Juniper Day One: routing Security PDF version 2

Junos Documentation:

BGP Route Authentication | BGP User Guide | Juniper Networks TechLibrary


ARIN RPKI Resource Certification (RPKI)

Peering DB:

CAIDA Spoofer: Spoofer

Hurricane Electric: RPKI rollout at Hurricane Electric | APNIC Blog

NANOG Presentation 2021:

Verify which prefixes have verified ROA payloads

Originally posted: 8/16/2021

updated: 6/11/2022