by gorgoiler 2249 days ago
It’s a small business. Their staff could be infected or furloughed, or worse.

In terms of our day to day lives it might feel like the proverbial month of Sundays right now, but for operations teams it’s more like an unending stream of Friday afternoons in terms of sensitivity to making big infrastructure changes.


Yeah, that was how I read it - the impact of getting this wrong is that you break the internet for your customers (and staff, if they're all or mostly WFH) at a time when they're potentially depending on it to eat (e.g. if you're in a vulnerable group and need to order food for delivery) or work.

We've known BGP's been vulnerable in this way for years, so it's a bit of a weird time to actively encourage people to publicly shame their ISPs for being "unsafe".

Cloudflare's BGP activism isn't exactly a new thing, so critiquing their exact timing here seems misplaced perhaps?
isbgpsafeyet.com only appeared at 4 p.m. BST yesterday, a Friday [1]. It's the timing of that which I took the OP to be commenting on. The GGP mentioned that we're in a month of Friday afternoons, this page dropped literally towards the end of the working day on a Friday afternoon!

As you say, Cloudflare have been promoting RPKI for a couple of years now and it's disappointing that more of the big players haven't implemented it yet but is now the time?

1: https://blog.cloudflare.com/is-bgp-safe-yet-rpki-routing-sec...

> 17/04/2020, 4:00:00 pm BST

> Today, we are releasing isBGPSafeYet.com, a website to track deployments and filtering of invalid routes by the major networks.

While I am not a fan of some of Cloudflare's actions over the years, they have been positive in the RPKI space for the last several years. They've hosted multiple meetings in their offices with some of the largest networks in the world to discuss RPKI strategy and deployment. They've open sourced software to lower the bar for entry. Their staff was accommodating to other network operators when they rolled out Origin Validation to not black hole parts of the Internet and reached out to networks to let them know of the error to get it fixed. They, like the network I support, have been impacted by some of the same hijacks and I share their frustration when major carriers are not only slow to deploy RPKI or have no plan at all (or even a plan to properly filter their customers: see Verizon). They've been a part of the fight along with other folks who are silent (but those who know, know them).

RPKI is no surprise. People have been beating on their upstreams for it for well over a year. Almost all Internet Exchanges have enabled BGP Origin Validation on their route servers (thanks to the efforts of folks like Job from NTT). It's about time we have a site like this that highlights the overall status of it. That said, there's more we can be doing here to provide metrics on RPKI adoption on the Internet.

Maybe bad optics to do it right now but it needed to be released at some point. If they delayed it until we were at the tail end of the curve of Covid-19 infections, this blog could still rely on "we're still recovering from the pandemic" to support the "bad timing" argument.
For some, it's never the time they should do something. ISPs are notorious for dragging their feet and they'd just find new excuses if CF had delayed the publish.
I mean, the bigger ISPs will just ignore it like they've ignored IPv6 ¯\_(ツ)_/¯

On the other hand, AAISP started automatically assigning IPv6 addresses ~9 years ago, so you can hardly accuse them of dragging their feet. The OP was published on a Saturday, after all.

...and /48s at that too.