NTT announced today that it has deployed RPKI-based BGP Origin Validation on its Tier-1 Global IP Network, starting on March 25, 2020, resulting in the rejection of RPKI Invalid BGP route announcements on AS 2914 EBGP sessions. This change positively impacts the Internet routing system.
Origin Validation is a procedure by which route advertisements can be authenticated as originating from an expected Autonomous System Number (ASN), using one or more Route Origin Authorizations (ROAs) published in the Resource Public Key Infrastructure (RPKI).
NTT is committed to secure Internet routing and the use of RPKI technology is a critical component in the company’s efforts to improve business availability and reduce the negative impact of misconfigurations or malicious attacks in the global Internet routing system.
For NTT, this is the result of a multiyear project, which included outreach, education, collaboration with industry partners, and production of open source software shared among colleagues in the industry.
RPKI is deployed alongside Peerlock, a mechanism deployed by NTT to increase the Internet’s routing security by protecting the Global IP Network’s BGP neighbors with an additional layer of AS_PATH filtering to prevent route leaks and path spoofing. The combination of RPKI and Peerlock results in very secure routing decisions, some of the most advanced in the industry.
NTT considers RPKI to be an essential prerequisite for a secure global routing system, which in turn is critical for a reliable worldwide Internet. The company is one of the first Tier-1 global carriers to deploy RPKI at this scale.
“We encourage customers, partners and other players in the industry to adopt similar routing policies,” said Job Snijders, IP Development Engineer at the Global IP Network of NTT Ltd. “A combined effort of this magnitude will result in collective benefits and have a positive impact on the Internet ecosystem in general.”
This deployment milestone will cover 95% of EBGP sessions in NTT's Global IP Network. More information about the Global IP Network’s routing policies and the RPKI-based BGP origin validation is available here: https://www.gin.ntt.net/support/policy/rr.cfm. If you are a Global IP Network customer and have any questions or concerns, please contact our Global NOC at firstname.lastname@example.org.