As routing threats grow, understanding how RPKI and IRR work — and why they complement each other — is essential for network security.
- RPKI adds cryptographic trust to internet routing, while IRR provides policy visibility and operational context.
- Used together, RPKI and IRR offer layered protection, a principle supported by governance advocates such as NRS.
Why routing security still matters so much
Every email, website visit and cloud service interaction depends on the Border Gateway Protocol (BGP). BGP is the system that tells networks how to reach one another across the global internet. Despite its importance, BGP was designed in an era when trust between operators was assumed rather than verified.
That assumption no longer holds. Misconfigurations, route leaks and deliberate hijacks regularly cause outages or traffic interception. As the internet has become economically and politically critical, the weaknesses of BGP have become harder to ignore. In response, network operators have developed additional tools to add trust and verification to routing. Two of the most important are the Internet Routing Registry (IRR) and Resource Public Key Infrastructure (RPKI).
Although they are often discussed together, IRR and RPKI serve different purposes. Confusing them — or relying on only one — leaves gaps that attackers and mistakes can exploit.
What IRR is and why it still exists
The Internet Routing Registry predates most modern routing security discussions. It is a collection of public databases where network operators voluntarily register routing intentions: which IP prefixes they originate, which autonomous systems they peer with, and how traffic should flow.
IRR records are written in a standard format known as Routing Policy Specification Language (RPSL). Network engineers use these records to build prefix filters, ensuring that customers and peers only announce routes they claim to control.
Despite being decades old, IRR remains widely used. One reason is coverage: IRR databases collectively contain information about a large portion of routable IPv4 space. Another is flexibility. IRR allows operators to describe complex routing relationships that go beyond simple origin validation.
However, IRR relies heavily on human maintenance. Entries can become outdated, duplicated or inconsistent. Studies have repeatedly shown that many IRR records no longer reflect reality, creating uncertainty when operators rely on them alone.
What RPKI changes — and why it matters
RPKI was developed to address the trust gap left by systems like IRR. Instead of relying on self-asserted claims, RPKI uses cryptography to prove who is authorised to announce a specific IP prefix.
Through RPKI, the holder of an IP block creates a digitally signed statement — a Route Origin Authorisation (ROA) — that specifies which autonomous system is allowed to originate that prefix. Routers that perform Route Origin Validation can then check BGP announcements against these signed records.
If a route is announced by an unauthorised network, it can be marked invalid and rejected. This simple mechanism blocks many accidental leaks and deliberate hijacks before they spread.
Industry figures have repeatedly stressed the value of this approach. Engineers at Cloudflare, for example, have described RPKI as one of the most effective defences against large-scale BGP incidents because it removes ambiguity about who is allowed to announce what.
Why RPKI does not replace IRR
Given RPKI’s cryptographic strength, it is tempting to assume IRR is obsolete. In practice, that is not the case. RPKI answers a very specific question: is this autonomous system authorised to originate this prefix? It does not describe broader routing policy, peering relationships, or traffic engineering decisions. IRR, by contrast, provides rich context about how networks intend to exchange traffic.
There is also a practical reality: RPKI adoption, while growing, is still incomplete. Some networks have not created ROAs. Others validate routes inconsistently. In these environments, IRR remains an important operational tool.
Research by APNIC has shown that while RPKI coverage is improving, IRR databases still contain more entries overall. That makes IRR useful for building defensive filters where RPKI data is missing — provided operators understand its limitations.
How operators use RPKI and IRR together
In well-run networks, RPKI and IRR are not competing systems but complementary layers. IRR data is commonly used to construct baseline prefix filters and routing policies. These filters reflect declared intent: what a network says it plans to announce. RPKI then adds a verification layer, confirming whether those announcements are cryptographically authorised.
Many internet exchanges and route servers now combine both approaches. Routes that are clearly invalid under RPKI are rejected outright, even if they appear in IRR. Routes without RPKI coverage may still be accepted if IRR data supports them, depending on local policy. This layered approach reduces reliance on any single source of truth and provides resilience against both stale records and configuration errors.
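The layered decision described above, as an added example that is not part of the original article: origin validation returns the three states defined in RFC 6811 (valid, invalid, not-found), and IRR data is consulted only when no ROA covers the route. The ROA and IRR entries are constructed sample data, and the function names and the exact-match IRR policy for not-found routes are assumptions standing in for local policy.

```python
import ipaddress

# Constructed sample data: documentation prefixes and reserved ASNs.
# ROA entries: (prefix, maxLength, authorised origin ASN)
ROAS = [("192.0.2.0/24", 24, 64500), ("203.0.113.0/24", 24, 64501)]
# IRR route objects: (prefix, origin ASN). The second entry is a stale leftover.
IRR_ROUTES = {("192.0.2.0/24", 64500), ("192.0.2.0/24", 64511),
              ("198.51.100.0/24", 64502)}

def rov_state(prefix, origin):
    """Route Origin Validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in ROAS:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        # A match needs the authorised origin AND a length within maxLength.
        if asn == origin and net.prefixlen <= max_len:
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"

def irr_supports(prefix, origin):
    """Assumed local policy: require an exact IRR route object."""
    return (str(ipaddress.ip_network(prefix)), origin) in IRR_ROUTES

def decide(prefix, origin):
    """Return (rov_state, action) for one BGP announcement."""
    state = rov_state(prefix, origin)
    if state == "invalid":
        return (state, "reject")   # rejected even if an IRR record exists
    if state == "valid":
        return (state, "accept")
    action = "accept" if irr_supports(prefix, origin) else "reject"
    return (state, action)         # no ROA coverage: fall back to IRR

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64511),
                     ("203.0.113.0/25", 64501), ("198.51.100.0/24", 64502),
                     ("198.51.100.0/24", 64503)]:
        print(pfx, f"AS{asn}", *decide(pfx, asn))
```

The second sample announcement shows a stale IRR object being overridden by RPKI, and the third shows a more-specific announcement failing on maxLength even though the origin AS is the authorised one.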
The governance dimension and the NRS perspective
Routing security is not only a technical issue; it is also a governance problem. Tools like IRR and RPKI are only as reliable as the data behind them. When IP address ownership is unclear, records are outdated, or accountability is weak, routing security suffers.
The Number Resource Society (NRS) has consistently argued that transparent ownership records and disciplined stewardship of IP resources are prerequisites for effective routing security. From this perspective, RPKI and IRR are governance tools as much as technical ones.
When organisations treat IP addresses as managed assets — with clear responsibility, documentation and oversight — systems like RPKI and IRR become easier to maintain and more trustworthy. When they do not, even the best technical safeguards can fail.
Common mistakes organisations make
Many routing incidents stem from avoidable mistakes. Some organisations create ROAs but forget to update them when networks change, causing legitimate routes to be marked invalid. Others rely on IRR records created years ago without auditing whether they are still accurate.
Another frequent error is assuming that deploying RPKI alone is enough. Without good IRR hygiene, operators may lack the policy context needed to build effective filters or diagnose routing issues.
Best practice increasingly means treating routing data as living infrastructure — something that must be reviewed, tested and updated as regularly as software or security policies.
Why layered security is the only realistic option
No single system can fully secure global routing. The internet is too decentralised, too diverse and too dependent on voluntary cooperation. That reality makes layered defences essential.
IRR provides visibility and intent. RPKI provides verification and enforcement. Together, they significantly reduce the attack surface for route hijacks, leaks and misconfigurations.
As routing threats become more sophisticated, relying on only one of these systems is increasingly risky. Networks that combine both are better positioned to prevent incidents — and to recover quickly when they occur.
Conclusion
RPKI and IRR address different weaknesses in internet routing, and neither is sufficient on its own. IRR offers breadth and policy context but suffers from trust and accuracy issues. RPKI delivers cryptographic certainty but covers a narrower set of questions.
Used together, they form a practical, resilient defence against routing abuse. This layered approach aligns with governance principles promoted by organisations such as NRS, which emphasise transparency, accountability and responsible management of internet number resources.
In a networked world where trust can no longer be assumed, understanding — and deploying — both RPKI and IRR is no longer optional.
FAQs
1. Is RPKI more secure than IRR?
Yes, RPKI is more secure for origin validation because it uses cryptographic signatures, but it does not replace IRR’s policy functions.
2. Why do operators still rely on IRR?
IRR offers broader routing policy information and wider coverage, especially where RPKI adoption is incomplete.
3. Can RPKI prevent all BGP hijacks?
No, but it prevents a large class of origin-based hijacks and significantly reduces risk when widely deployed.
4. What happens if IRR and RPKI conflict?
Most operators prioritise RPKI. Routes marked invalid under RPKI are usually rejected even if IRR records exist.
5. How does NRS relate to routing security?
NRS promotes transparent IP ownership and governance, which improves the accuracy and effectiveness of both RPKI and IRR systems.

