Kentik's view of Secure BGP in 2025

In this episode of PING, Doug Madory from Kentik discusses his rundown of the state of play in secure BGP across 2024 and 2025. Kentik has it’s own internal measurements of BGP behaviour and flow data across the surface of the internet, which combined with the Oregon University curated routeviews archive means Doug can analyse both the publicly visible state of BGP from archives, and Kentik’s own view of the dynamics of BGP change, along side other systems like the worldwide RPKI model, and the Internet Routing Registry systems.

Doug has written about this before on the APNIC Blog in May of 2024.

RPKI demands two outcomes, Firstly that the asset holders who control a given range of Internet Address sign an intent regarding who originates it the ROA, and secondly that the BGP speakers worldwide implement validation of the routing they see, known as Route Origin Validation or ROV. ROA signing is easy, and increases very simply if the delegate uses an RIR hosted system to make the signed objects. ROV is not always simple and has to be deployed carefully so has a slower rate of deployment, and more consequence in costs to the BGP speaker. Doug has been tracking both independently, as well as looking at known routing incidents in the default free zone, and therefore the impact on RPKI active networks, and everywhere else.

Read more about RPKI and BGP on the APNIC Blog, the web, and at Doug’s own blogging at Kentik:

• RPKI ROV reaches a Major Milestone (APNIC Blog, May 2024)
• Blog Articles by Doug Madory on the APNIC Blog
• The Oregon Routeviews Project
• Doug Madory’s blog posts at Kentik
• A shorter interview with Doug Madory on AS_SET problems features in an earlier PING episode, recorded at the ISOC Pulse “PIMF” session at APRICOT 2025.