Deutsche Telekom Global Carrier enhances Global Internet Security
RPKI-based filtering policies now enabled on its AS3320 network
Deutsche Telekom Global Carrier's AS3320 network is one of the largest IP networks in the world and is constantly evolving to provide best-in-class IP services, connectivity and stability to its External Border Gateway Protocol (eBGP) peers. As part of this evolution, Deutsche Telekom Global Carrier has enabled Resource Public Key Infrastructure (RPKI)-based filtering policies within the AS3320 network.
This means that Deutsche Telekom Global Carrier will not accept announcements of a prefix if there is a Route Origin Authorization (ROA) that would mark it as invalid and there is no ROA that would mark it as valid. Prefixes validated as unknown are still accepted. This implementation discards RPKI invalid prefixes.
All advertisements received by the Deutsche Telekom Global Carrier network are verified against an ROA registered with the appropriate Regional Internet Registry (RIR). This helps ensure the authenticity of the routing information received and distributed within the Deutsche Telekom Global Carrier network and prevents accidental or malicious route hijacking.
To correct invalid prefixes, the Regional Internet Registry's record of IP resources must be used to correct or create the appropriate ROAs.
The RPKI validation functionality has been live since February 22, 2024.