🎁 bgpkit-parser v0.14 released. We added #RPKI RTR messages parsing and encoding support with a RTR client example. We also added support for negative filters. Queries like `--filter "origin_asn!=400644"` now works as expected.
More details at https://github.com/bgpkit/bgpkit-parser/releases/tag/v0.14.0
Weekend Reads
* A look at GeoIP
https://www.potaroo.net/ispcol/2025-12/geoip.html
* Tor network pentest report
https://blog.torproject.org/code-audit-network-health-tools/TTP-code-audit-network-health-report.pdf
* RPKI publication practices
https://arxiv.org/abs/2512.16369
* World's hottest data centers
https://restofworld.org/2025/data-center-heat-map/
* Measuring people to government paths
https://arxiv.org/abs/2512.13994
Avis needed :
J’opère un petit relais Tor chez Scaleway, juste pour apporter un peu d’eau au moulin (héritage du Tor Challenge 2014).
Sympathiquement, des chercheurs (UConn) me signalent que le préfixe hébergeant le relay sur l’AS12876 n’a pas de ROA RPKI, exposant les guard relays à des attaques BGP par sous-préfixe (scénario avec modèle d’attaquan niveau AS).
Est-ce pertinent de demander la publication de ROA (maxLength /16) côté provider ?
Avis / retours d’expérience bienvenus.
The @ripencc recently added the ability to specify Autonomous System Provider Authorization (ASPA) objects in their #RPKI dashboard.
Routinator currently sees 322 published ASPAs. 🚀
Did you review your provider-customer relationships yet?
#OpenSource #RoutingSecurity #BGP
https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/aspa/
The Internet Last Week
* Cloudflare outage
https://blog.cloudflare.com/5-december-2025-outage/
https://www.cloudflarestatus.com/incidents/lfrm31y6sw9q
https://www.thousandeyes.com/blog/cloudflare-outage-analysis-december-5-2025
* ASPA support in RIPE RPKI dashboard
https://mailman.ripe.net/archives/list/routing-wg@ripe.net/thread/XVKKYV4Y6NHTYWTXKN7OISSUMHVIENB5/
* Russia blocks FaceTime, Snapchat and Roblox
https://www.bleepingcomputer.com/news/security/russia-blocks-facetime-and-snapchat-over-use-in-terrorist-attacks/
https://www.bleepingcomputer.com/news/security/russia-blocks-roblox-over-distribution-of-lgbt-propaganda/
Cloudflare experienced a significant traffic outage on December 5, 2025, starting approximately at 8:47 UTC. The incident lasted approximately 25 minutes before resolution. We are sorry for the impact that it caused to our customers and the Internet. The incident was not caused by an attack and was due to configuration changes being applied to attempt to mitigate a recent industry-wide vulnerability impacting React Server Components.
Weekend Reads
* NANOG 95 report
https://www.potaroo.net/ispcol/2025-11/nanog95.html
* RPKI signed checklists
https://pulse.internetsociety.org/wp-content/uploads/2025/12/RPKI-Signed-Checklist-Report_FINAL-1.pdf
* Day in the life of RIPE Atlas
https://arxiv.org/abs/2511.22474
* Aggressive negative caching resolvers
https://tma.ifip.org/2025/wp-content/uploads/sites/14/2025/06/tma2025_paper26.pdf
* IAB workshop on IP address geolocation
https://datatracker.ietf.org/group/ipgeows/materials/
Friends, if you, your colleagues, or your organization has the means, especially if you've gotten some value out of rpki-client (also OpenBGPD or StayRTR), please consider donating to the non-profit Route Server Support Foundation (RSSF) to keep the software coming.
This is the important Internet infrastructure kind of stuff that is very deserving, and in need of support.
If you or your colleagues have ROAs in the #AFRINIC #RPKI repository, see this email from @job
Those with a non-conformant subject name can reissue the ROA themselves, the others will need to be fixed by the registry.
https://lists.afrinic.net/pipermail/dbwg/2025-November/000546.html
BGPKIT
John Kristoff
decio
NLnet Labs
Dataplane.org
Peter N. M. Hansteen