Dear community,

 

The Deutsche Telekom/AS3320 network is continuously evolving to provide best-in-class IP services, connectivity, and stability to its eBGP peers. As part of this evolution, DT will enable Resource Public Key Infrastructure (RPKI) based filtering policies within the AS3320 network. This means that in the future we won't accept any prefixes that are advertised with an incorrect matching RPKI ROA record. Prefixes validated as "unknown" will still be accepted.

 

This implementation will discard RPKI invalid prefixes.

All advertisements received by the DT network are verified against an encrypted Route Origin Authorization (ROA) registered with the appropriate Regional Internet Registry (RIR). This will help ensure the authenticity of routing information received and distributed within DT's network and prevent accidental or malicious route hijacking.

The RPKI validation functionality will be fully functional during Q1 2024.

 

Please note that after RPKI-based filtering is enabled, RPKI invalid prefix(es) received by the AS3320 will be discarded. To correct INVALID prefixes, please use the Regional Internet Registry's record of IP resources to correct or create the appropriate ROAs. Or encourage your customers to correct the entries.

For additional questions or needed information, please contact me and I will loop in the necessary teams from DT.