Route Origin Authorization: Transforming Behavior Models and Empowering a Secure Internet

A shield in a digitalized environment, with ROA (Route Origin Authorization) letters on it.

Global Route Origin Authorization (ROA) adoption has been on the rise – as of July 2023, there have been 449,808 ROAs strengthening network protection in the RPKI system.

Route Origin Authorization numbers have significantly risen from the beginning of the year 2023, increasing from 391,031 to 442,051.

The global number of Route Origin Authorizations has significantly risen from the beginning of the year 2023.

During a six-month period, the implementation of Route Origin Authorization demonstrated major improvements in overall network security, as witnessed by IPXO.

We are fully committed to driving ROA adoption within our company and encourage others to do the same. The internet ecosystem will be safer, faster, and more reliable as a result.”

— Vaidotas Januska, CTO of IPXO

LONDON, UK, August 1, 2023/EINPresswire.com/ — In the rapidly evolving digital landscape, network security emerges as a topmost priority. As organizations navigate the complexities of the global digital domain, the implementation of Route Origin Authorization (ROA) surfaces as a transformative solution.

At the forefront of this innovative technology, next-gen IP address management platform IPXO has gained critical insights into the pivotal role of ROA in safeguarding network integrity and fortifying routing efficiency.

According to Cloudflare statistics, as of July 2023, there have been 449,808 ROAs in the global Resource Public Key Infrastructure (RPKI) system, and the numbers are steadily growing. ROA offers a proactive and robust approach to secure routing, addressing critical issues such as route hijacking, route leaks, IP address spoofing, and the authentication of Border Gateway Protocol (BGP) route announcements.

With this innovative mechanism in place, organizations not only mitigate potential threats but also ensure the utmost trustworthiness of routing information.

“ROA has proven to be a game changer for us,” says Vaidotas Januska, Chief Technology Officer (CTO) of IPXO. “By authorizing the origin of IP address prefixes on our network, we’ve mitigated the risk of unauthorized routing announcements and reduced instances of route hijacking by over 50% in the past six months.”

THE MEANING OF ROUTE ORIGIN AUTHORIZATION

ROAs are digital certificates that confirm which Autonomous System (AS) is authorized to advertise certain IP address blocks. By validating these permissions, companies can ensure routing announcements on their networks are legitimate.

ROA is part of the RPKI system, which was proposed in 2005 by researchers Geoff Huston and Randy Bush to improve routing security in the BGP and the Internet’s global routing system.

Subsequently, RPKI underwent several years of development and standardization, with the Internet Engineering Task Force (IETF) publishing initial standards in 2010. Since then, ROA has been gradually adopted by network operators and Internet Service Providers (ISPs) to reinforce the security and trustworthiness of route announcements.

EMPOWERMENT OF NETWORK SECURITY AND EFFICIENCY

IPXO has witnessed firsthand how Route Origin Authorization enhances network security and performance, leading to several notable benefits. The company has implemented both hosted and delegated ROA models in collaboration with Regional Internet Registries (RIRs) like ARIN and RIPE NCC.

The hosted model allows IPXO to create ROAs through the RIR’s portal, while the delegated model enables IPXO to generate and manage ROAs autonomously.

The company manages 38.4% of 3.2 million subnets in its Marketplace through extensive ROA implementation. The delegated model has been particularly impactful, giving the platform automated control that has enabled it to be extremely responsive in revoking ROAs when a client de-provisions an IP resource, preventing lingering unauthorized announcements.

With automated ROA processes in place, IPXO can now efficiently validate routes and promptly revoke authorizations when needed. This has led to a substantial increase in parking utilization (temporarily assuming control of withdrawn IP addresses) as well as improved network convergence and stability.

ROA automation has also been instrumental in helping to identify and resolve unauthorized announcements that persist after resource revocation. This involves automatically cross-checking IP announcements against valid ROAs and notifying customers of discrepancies.

“We’ve built an ecosystem of mutually reinforcing technologies including ROA, parking, quarantining, and more to maximize security and minimize unauthorized activity,” says Januska. “It’s allowing us to proactively identify and resolve issues before they escalate.”

To gain exclusive insights into IPXO’s statistics and explore the subject in-depth, click here.

ANALYZING GLOBAL ADOPTION OF ROA

Globally, ROA adoption is on the rise as well, with network operators increasingly turning to this powerful security mechanism. According to recent data, 34% of networks worldwide now use ROAs, a trend IPXO believes will only accelerate as more realize the benefits.

“We’ve seen firsthand how ROA can strengthen security, improve efficiency, and enable more nuanced routing policies,” believes Januska. “Network operators globally are recognizing ROA’s immense value.”

ROA complements other mechanisms like prefix filtering and anomaly detection to provide defense in depth against route hijacking, route leaks, and other vulnerabilities in the global BGP routing system.

BABY STEPS TOWARD A SAFER INTERNET: IMPLEMENTING ROA

To implement Route Origin Authorization within an organization, a phased, conservative approach is recommended. Careful monitoring of ROA workflows is needed, especially during initial deployment phases. Building up ROA coverage steadily also avoids overloading validation systems.

“Focus first on your own ASNs and address space, then gradually expand ROA enablement to customers,” recommends Januska. “Precision matters – issue ROAs based on actual needs rather than blanketing everything.”

According to the CTO, a crawling-walking-running methodology centered on continuous monitoring and improvement will allow organizations to safely realize ROA’s immense advantages. IPXO’s six-month ROA journey exemplifies this phased deployment approach centered on continuous monitoring and improvement.

“ROA is clearly integral to the future of routing security,” concludes Januska. “We are fully committed to driving adoption within our company and encourage others to do the same. The internet ecosystem will be safer, faster, and more reliable as a result.”

ABOUT IPXO
IPXO is a leading IP address management platform, providing services to ISPs, telcos, hosting providers, and others. The company is at the forefront of addressing industry challenges such as IPv4 shortage, IPv6 adoption, management obstacles, IP defragmentation, and routing automation. With potential access to a vast number of 3.2M IPv4 addresses and a strong presence within the RIR community, IPXO is emerging as the business-critical infrastructure platform for enterprises worldwide. For more on IPXO’s mission-critical infrastructure solutions, visit www.ipxo.com.

Agne Srebaliute
IPXO LLC
email us here
Visit us on social media:
LinkedIn
Twitter
YouTube

LEAVE A REPLY

Please enter your comment!
Please enter your name here