Cloudflare has announced that the company has released a Border Gateway Protocol safety check tool, isBGPSafeYet.com. The service’s source code is available on its GitHub page. The website tracks deployments and filters of invalid routes by the major networks.
Route leaks
Cloudflare also advised users to share the message with your Internet Service Providers, hosting providers, transit networks to build a safer Internet. Cloudflare announced that they expect this initiative will make RPKI more accessible to everyone and ultimately will reduce the impact of route leaks. Cloudflare also announced that to bad prefixes from its 200+ data centers and via the 233+ Internet Exchange Points we are connected to 103.21.244.0/24 and 2606:4700:7000::/48.
Both these prefixes should be considered invalid and should not be routed by your provider if RPKI is implemented within their network. This makes it easy to demonstrate how far a bad route can go, and test whether RPKI is working in the real world. Two possible outcomes for the test are:
- If both pages were correctly fetched, your ISP accepted the invalid route. It does not implement RPKI.
- If only valid.rpki.cloudflare.com was fetched, your ISP implements RPKI. You will be less sensitive to route-leaks.