Cooking Up Secure Routes with ROAST
MANRS has always had the ambitious goal to improve the state of routing security for everyone, and a large part of that is clearly depicting which organizations and network operators are doing their part in securing their infrastructure.
The ROA Stats Tool (ROAST) showcases which ASes are announcing valid ROAs, and which are not. Without this visibility, it can be difficult to identify which ASes control which IP prefixes.
This high-level visibility into an AS provides better transparency into whether or not an AS is using ROAs across its IP prefixes (something we’re passionate about with MANRS), and enables network operators to clearly identify the legitimacy of routing information. Without this overview, it can be difficult to have a clear view across an AS’s network.
ROAST was initially developed as a research project within the Internet Society and was released as a standalone tool in May 2023. The usefulness of ROAST quickly became apparent, and as it outgrew the scope of being a standalone tool, we felt it best to give it the attention it deserved. To provide a consistent user experience and powerful interface, we rebuilt this functionality from the ground up within the bounds of the MANRS Observatory. Doing so enabled us to further improve the usefulness of the tool, providing better functionality to all Observatory visitors.
In addition to this, in our efforts to further strengthen the functionality and breadth of data within the MANRS Observatory, we released a new feature for the public API: the ROA History API endpoint. This endpoint provides a convenient filterable view of historic information for known ROAs, obtained from RIPE’s public RPKI archive.
We’re thankful to Max Stucchi, the original creator of ROAST, for the inspiration and initial tool. Please see the new and expanded ROAST and check your network.
As always, if you’re already a MANRS participant, thank you for valuing routing security and helping us meet that mission to secure Internet routing for everyone. And if you’re not a MANRS participant yet, join us!
Leave a Comment