Most route server instances at internet exchanges (IXPs) perform prefix filtering based on route/route6 objects published by internet routing registries. The data quality of these IRRDB objects is often poor, with problems relating to missing, stale and incorrectly duplicated information. Resource holders often have difficulty correcting this information due to the object sets being decoupled from the RIR resource assignments.
RPKI is a public key infrastructure framework designed to secure the internet's routing infrastructure in a way that replaces IRRs with a database where trust is assigned by the resource holder. There are still issues: the database has only a fraction of the prefix coverage as IRR databases do and there is no implemented support for features such as AS-SETs. We are now in a multi-year transition from IRR to RPKI while these issues are solved. In the presentation, we propose a best-practice integration of RPKI into the current IX route server context which still includes IRR support.
We will present the development work we have completed with IXP Manager to support RPKI and discuss our experiences at putting this live at INEX.