[db-wg] Route(6) objects
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Cynthia Revström
me at cynthia.re
Mon Jul 10 14:36:42 CEST 2023
Look, you can never be certain that 100% of networks are going to accept your prefixes but for DDoS that shouldn't matter as others have pointed out. What I can say is please don't create 65536 route6 objects or otherwise I feel like we are going to have to start discussion about a policy to prevent people doing that. Also why do you need them to be advertised as /48s? If you just need them to be more specific than a /32 couldn't you just do /33s, /34s, /35s, /36s, or something like that? -Cynthia On Mon, Jul 10, 2023 at 2:13 PM Kaupo Ehtnurm via db-wg <db-wg at ripe.net> wrote: > > Hello > > Thank you very much for the explanation. > But I think we have steered away a little bit from my original question. > > As I can conclude from all the answers earlier, then still my only option if I want my ip transit provider to be able to advertise some /48 within my /32 at random times and for random durations is using /32 as route6 object and hope that everyone in the internet filters "2001:1234::/32 le 48 permit" or "2001:1234::/32 eq 48 permit" instead of "2001:1234::/32 permit"? > Or actually make the 65536 route6 objects (for each of the /48 that fits into that /32)? > Or is there a third possibility instead hoping that AS-s from all over the internet are familiar with this kind of issue and allow /48 prefixes into their routers instead of exact /32 prefix (although the route6 object states that our provider should advertise only /32) or making unnecessary amount(65536 objects for 1x/32) of route6 objects? > > I ultimatelly want my ip transit provider to be able to advertise different /48 prefixes at random times for random durations. And want it to pass IRR filtering also, not just rpki filtering in different ASs across the globe. > > > Lugupidamisega / Best regards, > > Kaupo Ehtnurm > > > Network & System administrator > WaveCom AS > ISO 9001 & 27001 Certified DC and verified VMware Cloud > kaupo at wavecom.ee | +372 5685 0002 > Endla 16, Tallinn 10142 Estonia | [ http://www.wavecom.ee/ | www.wavecom.ee ] > > ----- Original Message ----- > From: "Job Snijders" <job at sobornost.net> > To: "Kaupo Ehtnurm" <kaupo at wavecom.ee> > Cc: "Nick Hilliard" <nick at foobar.org>, "Kaupo Ehtnurm via db-wg" <db-wg at ripe.net> > Sent: Monday, July 10, 2023 2:18:57 PM > Subject: Re: [db-wg] Route(6) objects > > Dear Kaupo, others, > > (Speaking as individual working group contributor.) > > On Mon, Jul 10, 2023 at 10:06:30AM +0300, Kaupo Ehtnurm via db-wg wrote: > > Since route6 object is a must and ROA is a should and they ultimately > > fill the same purpose, than why isn't there a "max length" in route6 > > object? > > That's a good question! > > The specification of IRR 'route6:' objects pre-dates the specification > of RPKI ROAs by a number of years. One explanation might be that the > designers of RPSL-NG simply didn't think of it. > > Another aspect is that RPKI ROAs are used as an input into the RFC 6811 > Origin Validation procedure (which yields invalid/valid/not-found as > outcomes), but no such algorithm existed when RPSL-NG route/route6 > objects were defined. I can see how RPKI ROAs and RPSL-NG route/route6 > objects look kind of similar from a high level, but the devil is in the > details: they do fulfill slightly different purposes. > > It's important to note that in recent years new insights arose how to > make the best use of RPKI ROAs: last year's BCP 185 / RFC 9319 > recommends to avoid using the maxLength attribute in RPKI ROAs. > > Porting 'maxLength' functionality to RPSL-NG route/route6 objects would > represent a significant community effort: people would need to write an > Internet-Draft to specify what the field really means, and lots of > software toolchains would need updating. Given that maxLength in RPKI > ROAs was not universially perceived as a good idea, I'm not very > optimistic that porting such functionality to the 'legacy' IRR system is > worth the effort. > > Kind regards, > > Job > > -- > > To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
- Previous message (by thread): [db-wg] Route(6) objects
- Next message (by thread): [db-wg] Route(6) objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]