Internet2: Network Routing Security and RPKI Adoption in Research and Education
Routing security incidents may not make news headlines… however, the impacts are real and significant.
Grush: Who has adopted RPKI-ROAs, in the higher education R&E space? Which organizations are the models and champions of routing security and RPKI-ROAs?
Deaton: I think it's fantastic that we've had, over the years since its 2008 introduction, some very strong early adopters of RPKI, including state and regional networks like Michigan's Merit Network and New Jersey's Edge. They have spent a lot of effort helping establish routing security within their networks and their communities. We also have higher education institutions like The George Washington University and Texas A&M University that have made great strides in this space. Some of these early adopters have been leveraging RPKI for more than a decade.
The 2008-2010 timeframe is when our own Network Technology Advisory Committee at Internet2 began referencing discussions and reporting on the rising interest within the community about RPKI and the actions that need to be taken to address it.
Grush: Could you comment on RPKI-ROA adoption rates, specifically what some of the more cited statistics mean in the context of R&E?
Deaton: I think it's important for the higher education community to understand that we've got some great momentum going. Right now, 226 of the Internet2-connected R&E networks are protecting their IP addresses using RPKI-ROAs.
Internet2 has been working with ARIN, the American Registry for Internet Numbers, to track the U.S. R&E community specifically so that we're able to give credible reports that show adoption status and highlight the IP addresses that still need to be protected by RPKI-ROAs.
For example, if you look across the IP addresses owned by any U.S. R&E organizations — whether Internet2 members or not — only about 24 percent of those R&E IPv4 addresses are protected by RPKI-ROAs. Then if you look globally at IPv4 addresses across all sectors — including R&E, commercial Internet service providers, and others — there's close to a 45 percent adoption rate. You can see that industry and other players are ahead of R&E in this space. And so, we're working to bridge that gap in the coming year. It's one of the main reasons we established our Internet2 Routing Integrity Initiative in 2022.
Going back to what I said earlier, we have 226 Internet2-connected R&E networks that have already adopted RPKI. With data from ARIN, we know that there are more than 800 additional R&E organizations currently in a position to adopt RPKI-ROAs. So we think closing the gap is achievable.
We have 226 Internet2-connected R&E networks that have already adopted RPKI… There are more than 800 additional R&E organizations currently in a position to adopt RPKI-ROAs.
We're working both internally and with our R&E network community to help build pathways for campus IT leaders to establish RPKI-ROAs — while we help address friction points through collaboration. That includes supporting a better understanding of the processes that ARIN has already established and made available to those 800-plus institutions. We're excited to see that we have a path forward, where we can hopefully help close the gap for RPKI adoption in R&E over the next year.
We're working both internally and with our R&E network community to help build pathways for campus IT leaders to establish RPKI-ROAs.
Grush: How can Internet2 bring together not only the R&E community in this effort, but also work with other organizations and resources that have relevance and an impact on routing security? First, how can the Internet2 Routing Integrity Initiative help?