Validation Results of Unique IPv4 Prefix/Origin Pairs using Global RPKI
[compare]
The graph above represents the daily snapshot of validation results for
unique Prefix/Origin pairs.
The Prefix/Origin pairs are extracted from BGP table dumps from the
RouteViews Oregon Collector. The table dumps are collected 3 times per
day, every 8 hours. The union of all unique Prefix/Origin pairs observed
in a given day is validated against the global RPKI using the algorithm
described in
[RFC 6811].
As described in RFC 6811, Prefix/Origin validation results in one
of three outcomes:
'not found', 'valid', and 'invalid'. The validation
result 'not found' is also known as 'unknown'
[RFC 6483].
The graph below depicts the history of daily validation results for unique
Prefix/Origin pairs.
[compare]
The graph below shows the validation results of unique IPv4 Prefix/Origin pairs in terms of address space in /24 equivalents (instead of the number of pairs as shown above).
[compare]
The history graph will be included later. The graph below shows the above validation results over time.
Detailed Analysis of Validation Result 'Invalid'
[compare]
The graph above represents the daily snapshot of the details of 'Invalid'
unique Prefix/Origin pairs. The 'Invalid'
[RFC 6811]
Prefix/Origin pairs are further classified into the following four
different categories
[RFC 6907, Section 7.1]:
- Invalid:AS
Covering ROA Prefix with maxLength Satisfied and AS Mismatch.
- Invalid:ML
Covering ROA Prefix with maxLength Exceeded and AS Match.
- Invalid:ML-AS
Covering ROA Prefixes, one (+) maxLength Exceeded and one (+) AS Mismatch.
- Invalid:AS-SET
The origin AS could not be determined from the BGP update used to
announce the prefix (i.e., because it contains an AS-SET), and a
ROA covering the prefix exists.
The graph below depicts the history of the details of
unique Prefix/Origin pairs that were 'Invalid'.
[compare]
The graph below shows BGP Prefix/Origin pairs invalid due to the length (the categoriy of 'Invalid:ML' above) in terms of prefix length.
[compare]
-->
The graph below shows BGP Prefix/Origin pairs invalid due to origin AS in terms of prefix length (combined three categories above: 'Invalid:AS', 'Invalid:ML-AS and Invalid:AS-SET).
[compare]
Detailed Analysis of Validation Result 'Not Found'
[compare]
The graph above represents the daily snapshot of the details of
'Not Found' unique Prefix/Origin pairs. The 'Not Found'
[RFC 6811]
Prefix/Origin pairs are further classified into the following two
different categories:
- Not Found:Simple Origin AS was
determinable from the BGP update used to announce the prefix,
and Covering ROA Prefix was not found.
- Not Found:AS-SET Origin AS could not be
determined from the BGP update used to announce the prefix
(i.e., because it contains an AS-SET), and Covering ROA Prefix
was not found.
The graph below depicts the history of the details of unique
Prefix/Origin pairs that were 'Not Found'.
[compare]
25 Autonomous Systems with the most Prefixes VALID by RPKI
The graph below depicts the 25 autonomous systems based on the number of BGP
originated prefixes valid by RPKI.
[compare]
25 Autonomous Systems with the most Address Space VALID by RPKI
The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination valid by RPKI.
[compare]
25 Autonomous Systems with the most Prefixes INVALID by RPKI
The graph below depicts the 25 autonomous systems based on the number of BGP
originated prefixes invalid by RPKI.
[compare]
25 Autonomous Systems with the most Address Space INVALID by RPKI
The graph below depicts the 25 autonomous systems by the size of address space (/24 equivalents) of BGP origination invalid by RPKI.
[compare]
