Validation Results of Unique IPv4 Prefix/Origin Pairs using Global RPKI
[compare]
The graph above represents the daily snapshot of validation results for
unique Prefix/Origin pairs.
The Prefix/Origin pairs are extracted from BGP table dumps from the
RouteViews Oregon Collector. The table dumps are collected 3 times per
day, every 8 hours. The union of all unique Prefix/Origin pairs observed
in a given day is validated against the global RPKI using the algorithm
described in
[RFC 6811].
As described in RFC 6811, Prefix/Origin validation results in one
of three outcomes:
'not found', 'valid', and 'invalid'. The validation
result 'not found' is also known as 'unknown'
[RFC 6483].
The graph below depicts the history of daily validation results for unique
Prefix/Origin pairs.
[compare]
The graph below shows the validation results of unique IPv4 Prefix/Origin pairs in terms of address space in /24 equivalents (instead of the number of pairs as shown above).
[compare]
The history graph will be included later. The graph below shows the above validation results over time.
Detailed Analysis of Validation Result 'Invalid'
[compare]
The graph above represents the daily snapshot of the details of 'Invalid'
unique Prefix/Origin pairs. The 'Invalid'
[RFC 6811]
Prefix/Origin pairs are further classified into the following four
different categories
[RFC 6907, Section 7.1]:
- Invalid:AS
Covering ROA Prefix with maxLength Satisfied and AS Mismatch.
- Invalid:ML
Covering ROA Prefix with maxLength Exceeded and AS Match.
- Invalid:ML-AS
Covering ROA Prefixes, one (+) maxLength Exceeded and one (+) AS Mismatch.
- Invalid:AS-SET
The origin AS could not be determined from the BGP update used to
announce the prefix (i.e., because it contains an AS-SET), and a
ROA covering the prefix exists.
The graph below depicts the history of the details of
unique Prefix/Origin pairs that were 'Invalid'.
[compare]
The graph below shows BGP Prefix/Origin pairs invalid due to the length (the categoriy of 'Invalid:ML' above) in terms of prefix length.
[compare]
The graph below shows BGP Prefix/Origin pairs invalid due to origin AS in terms of prefix length (combined three categories above: 'Invalid:AS', 'Invalid:ML-AS and Invalid:AS-SET).
[compare]
Detailed Analysis of Validation Result 'Not Found'
[compare]
The graph above represents the daily snapshot of the details of
'Not Found' unique Prefix/Origin pairs. The 'Not Found'
[RFC 6811]
Prefix/Origin pairs are further classified into the following two
different categories:
- Not Found:Simple Origin AS was
determinable from the BGP update used to announce the prefix,
and Covering ROA Prefix was not found.
- Not Found:AS-SET Origin AS could not be
determined from the BGP update used to announce the prefix
(i.e., because it contains an AS-SET), and Covering ROA Prefix
was not found.
The graph below depicts the history of the details of unique
Prefix/Origin pairs that were 'Not Found'.
[compare]
25 Autonomous Systems with the most Prefixes VALID by RPKI
The graph below depicts the 25 autonomous systems based on the number of BGP
originated prefixes valid by RPKI.
25 Autonomous Systems with the most Address Space VALID by RPKI
The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination valid by RPKI.
25 Autonomous Systems with the most Prefixes INVALID by RPKI
The graph below depicts the 25 autonomous systems based on the number of BGP
originated prefixes invalid by RPKI.
25 Autonomous Systems with the most Address Space INVALID by RPKI
The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination invalid by RPKI.