The NIST RPKI Monitor is a test and measurement tool designed to monitor the dynamics of the global Resource Public Key Infrastructure (RPKI) and the impact of RPKI Route Origin Validation (ROV) on Internet routing. Its purpose is to provide measurement data and analyses to the research, standardization, and operations communities necessary to improve the trust and confidence in the underlying technologies.
This is the second version of the NIST RPKI Monitor – developed to add more analysis features for understanding completeness, correctness and stability of the global RPKI-ROV infrastructure.
The full monitor is accessible at this URL: https://rpki-monitor.antd.nist.gov/
Most of the analysis features of the original NIST RPKI monitor have been migrated to this new platform, but if you are looking for information from the prior version that you can’t find here, the original monitor is available here: rpki-monitor-v1.antd.nist.gov.
This tool is one product of NIST's work with industry to design, standardize and foster commercialization and deployment of technologies to improve the resilience of Internet routing. NIST’s Robust Inter-Domain Routing project is part of a larger Trustworthy Networking program focused on the research and development of technologies necessary to increase the security, privacy, and robustness of networked systems.
The NIST RPKI Monitor is a test and measurement tool developed by NIST’s Internet Technologies Research Group for the purpose of supporting research, and standardization of technologies to improve the robustness and security of the Internet’s inter-domain routing infrastructure. The monitor attempts to quantitatively characterize the state of deployment of the emerging Resource Public Key Infrastructure (RPKI) in terms of its completeness, correctness and robustness.
This latest version of the monitor provides all of the analyses from previous versions, while adding new forms of analysis and new means to interactively explore data. The section below provides some highlights of the monitor's capabilities. For full details see the NIST RPKI Monitor Methodology and User's Guide page.
The monitor continues to provide analysis of the application global RPKI data to global BGP trace data. Various views of the results of RPKI-ROV, both current snap shots and historical views (summarized by various criteria) are provided.
Jump to RPKI-ROV Analysis for details.
Many of the new analyses focus on understanding changes in the state of RPKI-ROV - both in terms of the volume of change and the details of individual validation changes. The monitor now allows one to see the details of the underlying RPKI changes that result in a change in RPKI-ROV for specific BGP originations.
This version of the monitor provides the ability to filter the data and visualizations to focus on a specific set of prefixes, ASNs, regions or protocols (IPv4 or IPv6). The monitor also provides the ability to look back at results from specific dates, or to interactively explore a range of dates.
Jump to ROV Changes for details.
New analyses have been added to further examine the implications of RPKI-ROV Invalid routes. In particular the monitor provides analysis of the "coverage" of Invalid announcements - by other routes that are not Invalid.
Jump to Coverage of Invalids for details.
The monitor creates periodic summary reports for all RPKI-ROV state changes. The monitor also produces summary reports when it detects anomalies in the RPKI-ROV system (e.g., unusually large number of RPKI or RPKI-ROV state changes, etc). Users can subscribe to an email list to receive these reports in a daily summary or more frequently. See the NIST RPKI Monitor Methodology page for instructions for joining these mailing lists.
Jump to Reports for details.
The monitor continues to provide analyses of global RPKI repositories, including various statistics on the size and shape of the RPKI infrastructure.
Jump to RPKI Data Analysis for details.